Advertisement

Security firm says baby monitors are vulnerable to hackers

By
Tomas Monzon
Baby sleeping in crib. File photo by OndroM/Shutterstock
Baby sleeping in crib. File photo by OndroM/Shutterstock

BOSTON, Sept. 3 (UPI) -- Multiple video baby monitors are subject to potential attacks by hackers, a study by a Massachusetts security firm has found.

Rapid7, Inc., found common security flaws with each of the nine Internet-connected baby monitors it reviewed by Massachusetts-.

Advertisement

In one example, an iBaby Labs monitor allows registered owners to log on and view a live feed of their child. The system also allows hackers to randomly guess a password an unlimited number of times -- a method known as brute-forcing -- in order to access the same feed.

Meanwhile, Philips brand assigns the same default username and password to its monitoring cameras, meaning an uninitiated system could be hacked into. Yet another company, Summer Infant, allows any user who knows a camera's ID number to create an account for access.

RELATED Baby monitor hacked, man yells profanity at Texas toddler

"We think we have a good picture of what security looks like in this market, and there are all kinds of failures," Mark Stanislav told the Wall Street Journal. Stanislav is a senior security consultant with Rapid7 who was involved with the tests.

Stanislav also said buying a more expensive camera will not necessarily bring better security feaures. He said the weak points in the monitors are part of a growing problem with the so-called "Internet of Things," a term used to describe cars, televisions and even pill bottles that feature Internet connectivity.

Advertisement

Stanislav urged baby monitor users to check for security updates often, and create and use strong passwords.

RELATED Hacker used baby monitor virtually enter Texas child's bedroom

Rapid7 said it has not caught wind of an effort to hack such devices, but says some hackers may have accessed the baby monitors in order to prove how easy it is to do so.

Philips pledged to address Rapid7's findings, and in a statement to the WSJ, Summer Infant also said it takes study matter seriously and plans to work toward the "highest level of security" for its customers.

Latest Headlines