You've probably already heard of scary stories on the internet where parents wake up in the middle of the night from strange noises coming from their child's bedroom.
They open the door, only to find a stranger "talking" to their baby through the baby monitor. "Although rare, such cases do happen from time to time," says o Phil Muncaster from the team at the global digital security company ESET.
Smart technology has given us many ways to keep our homes safe, from smart locks and doorbells to Security cameras. But when devices are equipped with computing power and connected to the internet, they also become a target for hackers.
Fortunately, you can take action to give you peace of mind that the baby monitor will do its job and not follow a stranger's instructions, and ultimately won't pose a risk to your safety and privacy, says Muncaster from ESET.
How hackers can gain control of a baby's intercom device
Why would anyone want to hack a baby monitor? Some just want to have fun. Others may have more sinister purposes in mind. And some may even seek to steal personal information heard through the device or confirm that the home is empty in order to break into it.
Whatever the reason, they exist two main ways to hack a baby monitor. It depends on the type of device:
Radio frequency devices require the eavesdropper to be within range of the signal and to know the frequency the device is using. Both this, and the fact that most top-of-the-line products of this type use encrypted communications, make these models a more secure item overall, albeit with more limited functionality.
The devices Wi-Fi are more vulnerable to tampering because they are connected to the household router and, often, at Internet. These devices support features that allow parents to view the video stream through a mobile app, wherever they are. While this gives you peace of mind when you're out and about, it also opens the door to hackers, who may scour the internet for unsecured cameras to check.
Even devices that do not offer this functionality could theoretically be compromised if an attacker were able to hack the router. The simplest way to do this is to guess the password or to jailbreak the device with brute-force techniques, although more sophisticated attacks may attempt to exploit its vulnerabilities firmware.
What can happen;
Either way, the implications are enough to alarm any parent. Hackers could eavesdrop on your baby or even communicate with them if the device has a speaker. In some cases, footage from hacked cameras has ended up on illegal websites for others to watch.
Examples of device tampering
- A infamous case of 2014, in which it emerged that a website in Russia was broadcasting live footage of homes and businesses around the world taken by smart devices that were protected only by pre-set passwords.
- A 2018 case in which a mother from South Carolina in the US noticed that the baby monitor's camera had been remotely moved to focus on where she was breastfeeding her son.
- Another incident from 2018 in which a hacker broadcast messages through a compromised device, threatening to kidnap the family's child
- A 2019 incident in which a stranger hacked into the device of a couple in the US city of Seattle and started sending scary messages to the child.
- A similar case from early 2022, when a stranger took over a baby monitor and terrorized a three-year-old child with threatening messages using a voice converter.
How to protect your family
A British consumer rights group urged parents recently to address their device security concerns to the manufacturers. He argued that many of these companies will only change their ways when enough consumers demand change. "The more people ask for it, the more security will become their priority," he argued.
There are also various efforts at the legislative level in United States and to European Union, which aim to improve the basic security levels offered by the devices IoT and smart products.
However, in the meantime, parents need advice they can trust. The good news is that some best practice advice for security go a long way in keeping hackers away. THE Muncaster from ESET suggests us some:
- Research your options carefully and aim to choose a reputable manufacturer that places a strong emphasis on security and has good reviews.
- Install all software updates (or firmware) device
- If possible, choose a model that does not allow remote communication via an app. If it does, disable remote access, especially when not in use.
- Set a strong and unique password and activate on two-factor authentication, if possible
- Regularly review device logs to check for suspicious activity, such as people accessing from unusual IP or at odd hours.
- Protect your wireless router with a strong, unique password. Also, disable remote access to it, as well as port forwarding or the UPnP. Make sure that o router is informed.
Baby monitor hacking is a worrying prospect for any parent. But as with any device IoT, it pays to understand where the risks lie and take extra precautions to block any malicious third parties.