The security of Internet-connected baby monitors got a failing grade from researchers who found critical vulnerabilities in all nine of the models they reviewed.
The weaknesses make it possible for hackers half a world away to perform a host of nefarious actions. They include monitoring live video feeds, changing camera settings, harvesting video clips stored online, and making an unlimited number of additions to the list of users who are authorized to remotely view and control a monitor. Researchers from security firm Rapid7 spent most of 2015 reviewing nine models from eight manufacturers and then scored them on a 250-point scale for overall security. The researchers then translated the scores into standard academic grades. Eight of the models received and F and one got a D. As Kashmir Hill at Fusion points out, the report comes a week after an Indiana couple reported someone hacked their two-year-old's baby monitor and played the Police’s "Every Breath You Take" followed by “sexual noises.”
Internet of insecure things
The Rapid7 research is the latest to underscore the troubling security involving the "Internet of Things." The term is applied to everyday devices—including washing machines, thermostats, and cars—that have computing and network capabilities embedded into them. The Rapid7 researchers said they focused on baby monitors because they are widely used and underscored how intensely personal uses IoT devices could serve. The researchers went on to warn that the bugs they found could do much more than allow voyeurs to invade the owners' personal privacy. The weaknesses could also prove valuable to attackers who target executives of large companies who sometimes work from home or who access monitors from work phones or networks.