Last week, Boston-based Rapid7 Inc. released a report which looks at nine baby monitors made by eight different companies. And the results are alarming, with many of the most popular Internet-connected baby monitors lacking basic security features.
The Rapid7 study found serious security problems and design flaws in all of the cameras tested. Some had hidden, unchangeable passwords, often listed in their manuals or online, that could be used to gain access. In addition, some of the devices didn’t encrypt their data streams, or some of their web or mobile features, allowing hackers to access the video stream.
In the Rapid7 study, researchers rated the devices’ security on a 250-point scale. The scores then received a grade of between “A” and “F.” Of those tested, eight received an “F,” while one received a “D.” All of the camera manufacturers were notified of the problems earlier this summer and some have taken steps to fix the problems.
The problems with the monitors highlight the security risks associated with the “Internet of things.” Homes are becoming increasingly connected, with everything from TVs to slow cookers now featuring Wi-Fi connections. But many consumer devices often don’t undergo rigorous security testing and could be easy targets for hackers.
And if a hacker has access to one connected device, he or she could potentially access everything tethered to that home’s Wi-Fi network, whether it’s a home computer storing personal financial information or a company’s computer system that’s being accessed by an employee working from home.
And higher camera prices do not correlate with higher levels of security. Pricier models usually have more features, which left unsecured could give hackers more ways to potentially access a camera or its video stream.