In September 2015, researchers from the Rapid7 security firm discovered a number of security vulnerabilities affecting several Video Baby Monitors.
Rapid7 analyzed baby monitors from six vendors, ranging in price from $55 to $260 in order to assess their security. The list of baby monitor analyzed includes the Philips In.Sight B120/37, the iBaby M3S and M6 models, the Summer Infant Baby Zoom,TrendNet Wi-Fi Baby Cam, the Lens Peek-a-View and a Gynoii device.
Flaws affecting baby monitors represent a serious threat to the privacy of the families. Baby monitors are smart devices always online equipped with a camera and a microphone, all the necessary to spy on the surrounding environment.
A couple of years another case was in the headlines, a Russian website was allowing users to spy from more than 73,000 live streams from unprotected baby monitors.
What is changed during the last couple of years on the privacy perspective? Nothing, online it is quite easy to find vulnerable baby monitors. The UK’s data watchdog has warned that baby monitors are still open to cyber attacks and it is inviting manufacturers to improve cyber security of their products.
Hackers still violate users’ privacy by spying on their kids through hacker baby monitors and unfortunately these images are publicly available online.
The Information Commissioner’s Office took action to avoid this kind of incidents, so it issued a guidance to help users to secure their devices.
“Internet of Things products such as baby monitors, music systems, and photo or document storage, which can be accessed online, are at risk of revealing your personal details to other people,” said the Information Commissioner’s Office technology manager Simon Rice.
“A lack of security when it comes to IoT devices could mean that a search engine is used by criminals to locate vulnerable devices and then gain access to them or others on your home network. An attacker could then use your equipment to mount attacks on others or take your personal data to commit identity fraud.”
The guidance provides a list of simple as effective measures to prevent the hack of baby monitors.
He lists six basic steps parents can take to help prevent casual hackers:
The ICO did not disclose the name of websites where it is possible to access the streams belonging to vulnerable baby monitors.
“We wouldn’t recommend any specific models but would advise consumers to follow our tips when purchasing and setting up an IoT device. Even the most secure device can be subject to unauthorised access if the username and password was set to, or left as, admin.” reported Ars.
Unfortunately, security of IoT device is already an emergency, billion of devices potentially hackable are exposed online.
The ICO confirmed that its experts are continuing to work with manufacturers on how to improve the security of such devices and prevent security and privacy breaches.
(Security Affairs – baby monitors, IoT)