The internet of things is upon us, but what’s mostly left behind when we’re talking about the novelty of connected devices is just how secure, or vulnerable they really are.
Following numerous reports of hacked devices being used to scream at — or play profane noises for — children, New York’s Department of Consumer affairs has launched an investigation into the baby monitor companies and their security protocols.
According to a statement by New York DCA commissioner Julie Menin:
Video monitors are intended to give parents peace of mind when they are away from their children, but the reality is quite terrifying – if they aren’t secure, they can provide easy access for predators to watch and even speak to our children.
Internet-connected devices like video monitors provide convenience – but without proper safeguards, they pose serious privacy risks. We encourage parents to take steps to make sure their devices are secure and call on manufacturers to make security a top priority.
The Federal Trade Commission looked at five popular baby monitors and found four of them could be easily accessed. Only one of the five required a strong password, the others used simple and easily-to-guess passcodes, such as the ever popular, p-a-s-s-w-o-r-d.
Additionally, two of the five featured no encryption between the monitor and the home router and a third had no encryption between the router and the internet.
Cyber security firm Rapid 7 had similar findings after testing 9 internet-connected video baby monitors. “Eight of the 9 cameras got an F and one got a D minus,” says security researcher Mark Stanislav of Rapid 7 (via Fusion).
“Every camera had one hidden account that a consumer can’t change because it’s hard coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”