NEW YORK — Several of the most popular Internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a new report from a cybersecurity firm.
The possibility of an unknown person watching their baby’s every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wi-Fi-enabled devices in a person’s home, such as a personal computer or security system.
The research released Wednesday by Boston-based Rapid7 Inc. looks at nine baby monitors made by eight different companies. They range in price from $55 to $260.
The cameras are often mounted over a baby’s crib or another place where they spend a large amount of time. They work by filming the child, then sending that video stream to a personal website or an app on a smartphone or tablet. Some of the cameras also feature noise or motion detectors and alert parents when the baby makes a sound or moves.
“There’s a certain leap of faith you’re taking with your child when you use one of these,” says Mark Stanislav, a senior security consultant at Rapid7 and one of the report’s authors.
The Rapid7 researchers found serious security problems and design flaws in all of the cameras they tested. Some had hidden, unchangeable passwords, often listed in their manuals or online, that could be used to gain access. In addition, some of the devices didn’t encrypt their data streams, or some of their web or mobile features, Stanislav says.
In the Rapid7 study, researchers rated the devices’ security on a 250-point scale. The scores then received a grade of between “A” and “F.” Of those tested, eight received an “F,” while one received a “D.”
All of the camera manufacturers were notified of the problems.
For example, researchers noted that the Phillips In.Sight B120 baby monitor, which retails for about $78, had a direct, unencrypted connection to the Internet. That could allow a hacker watch its video stream online, as well as remotely access the camera itself and change its settings, the report says.
The researchers also tested the iBaby and iBaby M3S, Summer Infant’s Summer Baby Zoom WiFi Monitor & Internet Viewing System, Lens Peek-a-View, Gynoii, TRENDnet WiFi Baby Cam TV-IP743SIC, WiFiBaby WFB2015 and Withings WBP01.
Copy the Story LinkSend questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.