Popular connected baby monitor is riddled with security holes, letting hackers take over, experts warn
Australian parents have been warned to check the security of their baby monitors after experts discovered hackers could remotely control a popular model.
Gadgets
Don't miss out on the headlines from Gadgets. Followed categories will be added to My News.
Parents are unknowingly exposing their infants to hackers after major security holes were discovered in a popular baby monitor.
The serious security fault could allow online attackers to live stream video from a baby’s cot, download video clips of the child, and even access the user’s home address and contact details, according to security experts.
And the discovery follows a series of digital break-ins using similar technology, including one in which a man’s voice threatened to “kidnap” a baby and others in which hackers said deeply inappropriate things to unsuspecting children.
Bitdefender chief security researcher Alex Jay Balan said the company discovered significant flaws in the popular iBaby M6S baby monitor, sold in Australian stores, after analysing the device in its Romanian smart home device lab.
Security flaws in the product and iBaby Labs servers could give hackers access to all videos and photos recorded by the baby monitor, Mr Balan said, as well as exposing the location of the device, and the parents’ email and profile details.
Online attackers could even take control of the iBaby monitor from afar and stream live video from a baby’s room, he warned, due to lax security practices.
“From a privacy standpoint and a very creepy baby-watching standpoint, it’s bad,” Mr Balan told News Corp.
“We’ve discovered this baby monitor allows an attacker to have access to all the video recordings. By knowing your email address, I could find the device that belongs to you within the iBaby network and pull up recordings from your device.”
Mr Balan said the device’s security was “fundamentally flawed” and warned parents that all iBaby products were probably affected by the security problems.
“There’s a very high likelihood that this affects all iBaby devices because the architecture is so deeply flawed,” he said. “We haven’t tested all the iBaby devices but we purchased another device and we were able to pull videos from that device.”
Mr Balan said Bitdefender chose to alert parents to the security problem after repeated attempts to contact the company and urge a fix had been ignored since May last year.
The security flaw could prove a problem in Australia, where iBaby products are stocked in major baby stores, and a new Telsyte study showed Australian households now keep an average of 18.9 connected devices, with forecasts for it to grow to 30 by 2022.
Similar security holes have seen hackers take control of connected baby monitors in the past two years, often with scary results.
In the US, a father using a compromised Nest baby monitor discovered a stranger yelling “sexual expletives” at his son before threatening to kidnap the boy.
And in Australia a mother from Western Australia last year installed a Uniden baby camera only to see footage from someone else’s bedroom appear, and a Sydney mother said she felt “violated” after watching a hacker take over her Taococo Fredi baby monitor, purchased from Amazon, and pan around the room to see if she was breastfeeding her son.
iBaby Labs did not reply when contacted for comment.