Baby monitors & smart cameras “easily” hacked by criminals

The Internet of Things (IoT) is advancing our daily lives, but also making users more vulnerable to privacy breaches. Baby monitors are amongst the many devices that are liable to be "easily" hacked, say cyber security experts.

Cyber criminals could access baby monitors and smart cameras, to watch and even communicate through the devices.

Consumer choice platform Which? investigated how easy it is to hack into WiFi baby monitors. They explain: "there are disturbing stories of baby monitors being hacked by strangers who are then able to project their voice through the monitor's speaker, or of footage from baby monitors ending up on websites".

But how are hackers able to exploit vulnerabilities in these cameras? According to the National Cyber Security Centre (NCSC), the issue might lie in poor password management.

So how can you stay protected from this sinister threat? The NCSC advise users to alter the default password as soon as they set up these devices.

Jake Moore, cyber security specialist at ESET, has some sound advice for creating a secure password: "Three random words is a good starting block for passwords, but to properly help protect users we really want to see the use of password mangers increasing.

"Password managers should not be feared; many people think that putting all their passwords in one place on the cloud will make them somewhat vulnerable to attack. However, it’s the opposite that is true.

"The clever use of two factor authentication, 2FA, and robust encryption are a far stronger mix than having to remember hundreds of accounts each with three random words. Furthermore, to fully protect your IoT devices, you should look at implementing 2FA on each of the devices directly too".

However, cyber security does not solely rely on secure password regulations. There are other implications to be aware of around the nature of these particular devices.

VP head of enterprise and cyber security EMEIA at Fujitsu, Rob Norris, believes that "too often, security on these devices are a “bolt-on” after developing the product, favouring a cheaper and easier route into market rather than taking authentication and security requirements seriously.

"But this is the wrong way round – organisations should be making these products with ‘security and privacy by design’ in mind, otherwise both the company and the consumer are at serious risk. Part of implementing effective ‘security and privacy by design’ is to ensure that the devices regularly prompt users to follow good cyber security practices.

"This includes simpler processes such as regular prompts to change passwords, to a more sophisticated approach including constant updates to the software to ensure the device is protected.

"The government is taking this issue seriously too, with a consultation on the widespread use of IoT in and outside the home that will likely prompt companies selling IoT-connected products to shape up and thereby provide a level of reassurance to consumers that their digital privacy and safety are top of mind.”

Securing smart cameras in the home more generally is crucial for protecting your privacy. The NCSC suggest users take the following measures:

  • Create a secure password straight away
  • Make sure the device is regularly updated with the latest software (also referred to as firmware)
  • Disable the feature that lets you remotely view the camera via WiFi if you don't actually need it
  • Check your router settings and disable UPnP and port forwarding technologies if your router has not already done this by default

Smart devices will always be liable to certain cyber-attacks. But the kind of sensitive data and intimate details hackers can gain access to through baby monitors, for instance, makes it even more important to protect these devices, your family and your home.