New York City’s Department of Consumer Affairs has issued a public alert to parents due to the recent reports of hackers gaining access to baby monitor webcams and spying on infants inside their own home.
NYC Dept of Consumer Affairs subpoenaes baby monitor companies for answers on security vulnerabilities https://t.co/6jU2Eqr475— Andy Greenberg (@a_greenberg) January 27, 2016
The news is a terrifying reality that many parents — especially of newborns — need to be made aware of. As our daily lives require the expanded use of monitors and live internet connection, the threat of that connection being compromised by individuals with malicious intent has emerged as a serious threat to families’ privacy and peace of mind.
“Video monitors are intended to give parents peace of mind when they are away from their children but the reality is quite terrifying — if they aren’t secure, they can provide easy access for predators to watch and even speak to our children,” said DCA Commissioner Julie Menin said in a statement.
Commissioner Menin has confirmed that there have been numerous reports in New York, and around the country, of baby-monitoring devices being compromised by creeps and individuals with bad intentions.
Accounts from parents around the nation have described disturbing situations in which hackers are communicating with their babies in the middle of the night through hacked monitors.
In one instance, a family from Indiana was able to catch a hacker playing the Police’s “Every Breath You Take” followed by “sexual noises” through their 2-year-old’s baby monitor.
The accounts demonstrate the vulnerability of these devices, which has caused the Department of Consumer Affairs to issue subpoenas to “several major manufacturers” of the monitors as part of an investigation into the security of the devices, according to a department spokeswoman.
Along with the disturbing reality of monitors being hacked to gain access to their child’s nursery, families are also vulnerable to hackers using these monitors as an opportunity to identify when families are not in the house, along with other details that families shouldn’t have to fear about when utilizing a device that is intended to provide assistance in monitoring their child, not endangering them.
With so many incidents occurring, it’s hard not to question manufacturers of the monitors for not equipping their devices with a better security system along with their decision to sell products that leave customer’s families vulnerable to these disturbing intrusions.
Fusion reported that nine internet-connected devices were tested by security firm Rapid 7, resulting in an assessment that labeled all nine of the monitors with flaws that left families vulnerable to hackers who wished to access footage of their child.
“Eight of the nine cameras got an F and one got a D minus,” says security researcher Mark Stanislav of Rapid 7. “Every camera had one hidden account that a consumer can’t change because it’s hard coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”
Stanislav did recommend a few internet-connected camera’s for those looking for a reliable option; Nestcam, formerly known as Dropcam and a product of Google-owned Nest, is a device that, according to Stanislav, has passed security tests and has a partnership with BuildItSecurely, which allows its products to be worked over by security researchers.”I’ve got a lot of faith in it and use it,” Stanislav stated.
The DCA has also listed some helpful tips on their website for parents to check off when purchasing a device and using it inside of their homes — information that should be passed along to friends and families and that can be applied to any device that requires an internet connection.
The site recommends:
- Buy a secure device. Before buying an Internet-connected video monitor, research if it or its applications have any known security vulnerabilities.
- Use a strong password and change it regularly. Never use the default camera name and password; select a strong password with a combination of letters, numbers and characters that is difficult for others to guess and only share it with people you trust. Don’t use the same password you use for other accounts so that if one account is compromised, they are not all compromised. Also, when naming your WiFi network, avoid using personal information. If you name it Smith4A, it’s easy for attackers to figure out the network belongs to the Smiths in Apartment 4A.
- Register your product and update software, firmware, and applications.Register your product so you will be notified of security updates by the manufacturer and install all security updates.
- Turn devices off. If you are not using the device, turn it off. Hackers can access devices more easily if they are always on.
(Photo by Ethan Miller/Getty Images)