Many popular baby monitors with online access lack even the most basic security features, according to a report by IT security firm Rapid7.
Researchers revealed that it would extremely simple for hackers to use the devices as spy cameras or to launch attacks on other Internet-connected devices in the home.
According to Rapid7, the monitoring cameras have hidden, unchangeable passwords that can be used to gain access to the video stream and often these are published either in instruction manuals or online. Some of the devices also failed to implement adequate encryption, making them susceptible to hacking.
The revelations suggest that existing security protocols are ill-equipped to deal with the Internet of Things (IoT) and the expected surge in the numbers of devices that connect online.
“It is important to stress that most of the vulnerabilities and exposures discussed in this paper are trivial to exploit by a reasonably competent attacker, especially in the context of a focused campaign against company officers or other key business personnel,” explains the Rapid7 report. “If those key personnel are operating IoT devices on networks that are routinely exposed to business assets, a compromise on an otherwise relatively low-value target – like the video baby monitors covered in this paper – can quickly provide a path to compromise of the larger, nominally external, organizational network.”
Researchers also stressed that purchasing more expensive IoT devices was not a way of ensuring greater security. In fact, higher priced models often come with a greater number of features that can make them more susceptible to hacking.
Read more: Samsung launches new Internet of Things Hub
In total, Rapid7’s research investigated seven baby monitors manufactured by six different companies, finding severe security flaws in all of them.