Like any internet-connected consumer device, a baby monitor can create new security risks in your home. The newest generation of smart monitors can watch, listen, sense and talk, and also send a constant stream of data from the inside your home across the internet. Smart baby monitors make it possible to keep an eye on the nursery from anywhere, anytime. Unfortunately, these devices can be often be compromised due to improper configuration and design flaws.  When this happens, unauthorized individuals can gain access to your video and audio stream, account details and even financial information. There have been numerous reports of hacked baby monitors in the recent years, and parents are rightfully growing more concerned about security.

Most modern baby monitors collect the data and then send it to your Wi-Fi Router, which then forwards it to the cloud service provided by the monitor’s manufacturer, where the data is processed, recorded, and made available for access from your mobile device or computer. To secure your baby monitor, each of these devices and services need to be reviewed and properly configured.

NOTE: Not all of these features may be available on all devices, but if they are, you should take advantage of the enhanced security they provide. If you are interested in reading about baby monitors that provide enhanced security features, read 3 Security-Minded Baby Monitors.

Securing the Baby Monitor

Baby monitor

The baby monitor itself is essentially an active surveillance device. An unauthorized person with access to the monitor’s feed can learn details about your family, eavesdrop on your conversations, learn your schedules and habits, and even emotionally terrorize your family. Here are a few ways to maximize security of the baby monitor itself:

• Change the default device name. Many baby monitors come with predictable default device names that may include the manufacturer, model and serial number of the device. This name is visible on your network, on your mobile device, and possibly in the cloud service. If intercepted, these pieces of information can help the attacker quickly identify any vulnerabilities specific to your monitor.
• Disable unused radios.  Some units allow you to disable unused radios like Wi-Fi or Bluetooth. Doing so eliminates the additional entry points hackers can use to gain access to your baby monitor.
• Pick a strong username and password. If your monitor came with a default username or password, be sure to change them, as these are often well known to hackers. Also make sure to pick a strong password that cannot be easily guessed or cracked.
• Enable auto-update for firmware. When vulnerabilities are discovered, manufacturers fix them with firmware/software updates. Enabling auto-updates ensures that your device does not stay vulnerable any longer that necessary.

Wi-Fi router

Your Wi-Fi router is the gateway to your home network. If compromised, it can give malicious users access to all your connected devices (wireless and wired), and their features (laptop camera, phone microphone, etc).

• Change the default administrator username and password. Most routers will come with default administrator login credentials like “admin” and “password.” Change these as soon as possible, to prevent unauthorized users from gaining access.
• Enable strong encryption. Encrypting communication between your device and the Wi-Fi router is an important part of securing your home network. Make sure your router supports WPA2 security and has it enabled.
• Pick a strong Wi-Fi network password. As with any password, your Wi-Fi network password should complex and difficult to guess or crack. Use a password manager to help create and store your password.
• Disable remote administration features.  Also known as Remote Management, this feature can allow someone outside your home to connect to and make changes to your Wi-Fi router. Most Wi-Fi routers come with this feature disabled by default.
• Enable auto-update for firmware. Enable auto-update for firmware. New vulnerabilities are discovered all the time, and the manufacturers work diligently to patch them and roll out software updates.

Cloud service

Most smart baby monitors rely on a cloud service to enable recording and streaming of the video and audio feed. As far as security is concerned, think of this cloud service as a totally separate web service, requiring its own security considerations.

• Set a strong password. No surprises here – if you can set a separate username and password for the cloud service, make sure you pick a strong password.
• Select SSL or TLS connection to cloud service. Your Wi-Fi router encrypts only the communication between itself and your device. Your baby monitor’s cloud service may offer SSL or TLS encryption to protect communication with devices connecting to it. If not enabled by default, be sure to select an encrypted connection to the cloud service.
• Enable multi-factor authentication. Multi-factor authentication requires additional information at login besides the username and password. It may be a code sent to your phone or an additional security challenge or question. This ensures that someone can’t login to the service with just your username and password, which could be stolen or cracked.

Mobile device

The device you use to access the baby monitor app should also be secured.

• Enable and secure the lock screen. Surprisingly, many people leave their mobile phones and other devices unprotected. A lock screen should lock the device after specific time and require a password or other security measure to unlock.
• Use a VPN when not on a secure network. When connecting to your baby monitor over a public Wi-Fi, be sure to use a VPN service to ensure your connection is secured.

 

* image credit: Netgear Arlo