Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on January 29, 2016

New York Department of Consumer Affairs investigates connected baby monitor hacks


New York Department of Consumer Affairs investigates connected baby monitor hacks

The internet of things is upon us, but what’s mostly left behind when we’re talking about the novelty of connected devices is just how secure, or vulnerable they really are.

Following numerous reports of hacked devices being used to scream at — or play profane noises for — children, New York’s Department of Consumer affairs has launched an investigation into the baby monitor companies and their security protocols.

According to a statement by New York DCA commissioner Julie Menin:

Video monitors are intended to give parents peace of mind when they are away from their children, but the reality is quite terrifying – if they aren’t secure, they can provide easy access for predators to watch and even speak to our children.

Internet-connected devices like video monitors provide convenience – but without proper safeguards, they pose serious privacy risks. We encourage parents to take steps to make sure their devices are secure and call on manufacturers to make security a top priority.

The Federal Trade Commission looked at five popular baby monitors and found four of them could be easily accessed. Only one of the five required a strong password, the others used simple and easily-to-guess passcodes, such as the ever popular, p-a-s-s-w-o-r-d.

Additionally, two of the five featured no encryption between the monitor and the home router and a third had no encryption between the router and the internet.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Cyber security firm Rapid 7 had similar findings after testing 9 internet-connected video baby monitors. “Eight of the 9 cameras got an F and one got a D minus,” says security researcher Mark Stanislav of Rapid 7 (via Fusion).

“Every camera had one hidden account that a consumer can’t change because it’s hard coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”

US parents warned on hacked baby webcams [BBC]

Get the TNW newsletter

Get the most important tech news in your inbox each week.