Ever since their invention in 1937, baby monitors have afforded the parents of small children the ability to keep tabs on their child’s safety without physically being in the same room. While they are designed with safety in mind, new research has revealed that some modern, sophisticated baby monitors come with shockingly unwelcome security vulnerabilities. According to New York-based cyber-security company Rapid7, several models of WiFi-equipped baby monitors that stream videos to web-based APIs are vulnerable to hacking attacks.To make things worse, Cory Doctorow recently reported on Boing Boing that (as if it wasn’t bad enough that hackers have been compromising wireless baby monitors since 2013) there’s now a search engine called Shodan that will allow anyone to search for vulnerable baby monitors and other devices.
Doctorow, Rapid7 and other network security experts have long cautioned against the general lack of security that these IoT gadgets tend to have. Finding their way from the lab to the factory to the shelf and eventually, into people’s homes, these products are put to use without standardized security measures in place, and it’s only getting worse.
While the concerns that arise from the possibility of a hacker taking control of the camera in a baby monitor are scary enough — there may be additional worries to consider. Since WiFi-equipped baby monitors actually have small computers inside that talk to the Internet, hackers could use it to observe activity on your home network and thereby acquire other sensitive information.
The picture for the future of smart homes is also a concern. Doctorow points out that the quantity of insecure devices make the Internet less secure for everyone. In the future we may see malware on smart home webcams, DDoS attacks on vulnerable webcams, police cams and more. This makes the serious vulnerability of IoT enable devices a serious privacy and security issue.
Mark Stanislav, a consultant and researcher for Rapid7,claims that manufacturers are starting to realize that security standards are earnestly needed for Internet-connected devices, but the change may not come as soon as consumers might wish. “We’re seeing movement in the right direction,” he said.
While standards are created, Stanislav asserts the best thing for consumers to do is keep their devices up-to-date with the manufacturer’s software. Furthermore, all default passwords should be changed and it might be wise to unplug the device when not in use to minimize network exposure. Even with these precautions, there is still much work to be done in the industry for IoT devices to become as secure as they can be. As a consumer, the best defense is to be informed.
Join us in working to make the web a better place; become an OpenStand advocate! You can: