According to a new report, a few of the most popular web-connected baby monitors are extremely vulnerable to being attacked as they lack even the most basic security features.
Besides giving cyber attackers an in to watch your baby, it may also give access to other Wi-Fi enabled devices around the home.
Security firm Rapid7 Inc. reported on nine baby monitors that are popular and range from $55 to $260 in price. "There's a certain leap of faith you're taking with your child when you use one of these," says Mark Stanislav, a senior security consultant at Rapid7. All of the monitors record and send the video to your app or to a personal site (cloud). Some can even record audio and motion and alert the watcher.
The biggest problems found with the devices was lack of data encryption. Many of the monitors did not encrypt their data streams, or their web or mobile features were lacking strong encryption. Perhaps more scary was the fact that some has hidden passwords for access to the device, but those passwords were listed online or in manuals and were unchangeable by the user.
Of the nine researched, 8 of the monitors received an "F" rating while received a "D-," but all have been notified and some have already begun making changes. "When one gets an 'F' and one gets a 'D minus,' there isn't an appreciable difference," Stanislav says. "And unlike a laptop where you can install firewalls and antimalware, you can't do that here."
Source:
CBS News
Security firm Rapid7 Inc. reported on nine baby monitors that are popular and range from $55 to $260 in price. "There's a certain leap of faith you're taking with your child when you use one of these," says Mark Stanislav, a senior security consultant at Rapid7. All of the monitors record and send the video to your app or to a personal site (cloud). Some can even record audio and motion and alert the watcher.
The biggest problems found with the devices was lack of data encryption. Many of the monitors did not encrypt their data streams, or their web or mobile features were lacking strong encryption. Perhaps more scary was the fact that some has hidden passwords for access to the device, but those passwords were listed online or in manuals and were unchangeable by the user.
Of the nine researched, 8 of the monitors received an "F" rating while received a "D-," but all have been notified and some have already begun making changes. "When one gets an 'F' and one gets a 'D minus,' there isn't an appreciable difference," Stanislav says. "And unlike a laptop where you can install firewalls and antimalware, you can't do that here."
Source:
CBS News