Baby monitor safety: What you need to know

Do you have an impending new arrival in your family of the small and very noisy variety? If so, you’re probably going to invest in a baby monitor for peace of mind both at night and during the day. But do you know what kind of monitor you’re going to buy? Will it be audio only, or have images? Will it be Wi-Fi, or the non Wi-Fi kind? Did you know there’s a non Wi-Fi kind?

As it happens, you don’t have to buy an internet connected device for one of the most private areas of your home. There’s plenty of cheap Internet of Things (IoT) baby monitors out there with default passwords baked in, insecurely stored data, and an alarming amount of compromise stories in the news. If you wish, you can bypass this problem almost completely and go for a device entirely lacking in internet functionality.

The trade-off in this situation is that the device you buy won’t have as many features as a Wi-Fi product, such as the ability to check in on your baby on an app on your phone if you’ve got a babysitter for the evening. However, if all you really care about is monitoring your baby when you’re not in the same room as them, then you can probably go for something more basic.

Non-internet connected baby monitors come with a standalone screen. These screens connect back to the camera in your child’s room. Instead of Wi-Fi, they use other technologies called Digital Enhanced Cordless Telecommunications (DECT) and Frequency Hopping Spread Spectrum (FHSS).

FHSS is one alternative to smart home networks and IoT devices. It rapidly switches frequency when in operation, which can mean a very low chance of someone trying to compromise the device. This isn’t to say a non Wi-Fi camera is unhackable, but given the short range of transmission for these devices, someone would have to be very close to your home to begin poking around. Much the same can be said with baby monitors that use DECT

An internet-connected baby monitor is more out of your control. Even if you lock things down at your end with secure passwords it could go wrong if the company you use reveals that footage of your child was stored on an open server somewhere.

In fact, the data doesn’t need to be accidentally stored on an open server at all. Sometimes, the people responsible for keeping your information safe have other ideas in mind. Amazon’s Ring was recently fined by the FTC after it was discovered that every employee had previously had access Ring videos, with some abusing that power to look through users’ personal videos. The FTC also highlighted lack of proper security precautions related to warding off attacks, such as credential stuffing.

If you sign up to a home IoT system managed by one organisation, this is what you might be facing from the very entities you’re entrusting with the most personal details of your living space. It’s probably low risk, but it’s a risk all the same. With this in mind, if you want to go down the Wi-Fi route, here are some tips for securing your baby monitor.

Tips for keeping your baby monitor safe

  1. Change your password: Some cheap devices may ship with passwords that cannot be changed, ever. If this is the case, those passwords are almost certainly available online for anyone to see. Avoid those at all costs and get one where you can change the password. Then change the password as soon as you set up your monitor.
  2. Make your password strong: A weak password could let someone into your baby monitor and allow them to view videos, or even speak over the monitor.
  3. Use multi-factor authentication (MFA): Pick a baby monitor that allows you to use multi-factor (or 2-factor) authentication. This means that even if someone manages to guess your password, they won’t be able to get into your account.
  4. Keep your videos stored locally: There are perhaps specific reasons why you may want recordings from your child’s room stored somewhere. If so, go for a product which allows local saving. It’s simply not worth the risk of footage making its way into the cloud, and other people’s hands.
  5. Turn it off: If you don’t need a camera enabled in your baby’s room, then consider powering it down when not needed. The window of opportunity for breaking into a device is made even smaller if nobody can access it, so when your baby is elsewhere just flip that switch.

As with all digital toys, really have a think about what you need in a device. If you don’t need to see your baby over an app when you’re away from home, then maybe there’s no need for an internet enabled monitor. The more connected you make your home, the more potential security risks you introduce.


We don’t just write about threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/