A mother recently claimed that her baby monitor had been used to spy on her family. A scene from a movie? Nope. It really happened, and it could happen to you too.
This particular monitor was the Fredi WiFi baby monitor, but many monitors are equally as vulnerable. According to researchers, the devices can easily be hacked by hijackers who can then use the cameras to watch people in their homes.
The mother referred to above, Jamie Summitt, discovered the hacking when she noticed her baby monitor panning around the room on its own: “I looked over on my phone and saw that it was slowly panning over across the room to where our bed was and stopped,” she told NPR in an interview. She was also unexplainably locked out of the device’s control panel.
Her first thought, she said, was that her monitor was haunted: “We were naive,” she continued, but noted that she never in a million years imagined the monitor she had just bought to check on her son Noah could be hacked.
“I would have never, ever bought something if I thought it was this easy of a security risk,” she told NPR. “When I was making my baby registry, nobody warned me — no other mom said anything. It’s not common knowledge.”
Hacking a baby monitor is easier than you think
Security researchers have looked into this; they found that the service that connects the device to the cloud can easily be accessed by an 8-digit number. There is also a default password. All someone has to do is access the online portal, use the default password, and then enter random numbers until they find one that works. The default password can be changed, but many parents don’t take the time or even realize that they should change it. This means that anyone with even a tiny bit of hacking knowledge can break into the device.
Excuse the pun, but this is literally child’s play for hackers.
Baby monitor hacked? It gets worse…
Summitt had actually changed the default password on her baby monitor. She’d done everything right, and yet she’d still become a victim. Tod Beardsley, a researcher who worked on a study about baby monitor hacking back in 2015, confirmed: “Hackers that I know and hang out with refer to Internet of Things (IoT) hacking as ‘hacking on easy mode,’ or ‘hacking like it’s 1998.'”
Not only, then, is baby monitor hacking easily accomplished, the inherent dangers spread further than you might think. These monitors basically open a door into your home’s WiFi network, which means the hacker could then attack all of the other devices you have connected—such as your laptop, where they may get access to sensitive information like your bank account.
Because this works on the P2P Cloud, these IoT devices can bypass firewalls. This is what allows the hackers to gain access to private networks.
The incident with Jamie Summitt is not isolated. It happens way more than people realize. The company that provides the firmware for these monitors not only sells them to Fredi, but also to a number of other devices. This firmware isn’t just in baby monitors, either.
If you have an IoT device that has a camera of any sort, you should definitely update the default password. Make sure your devices—such as PCs and laptops—are properly updated with the latest firmware and security software. Encrypt your WiFi connection and run Hotspot Shield on your mobile and desktop devices whenever you’re online. You should also keep a close eye on your home network for anything that seems suspicious.
After all, the last thing you want to see is your baby monitor panning around the room by itself. As Jamie Summitt found out, that’s the type of situation horror movies are made from.