Web of Insecurity: Hacked Baby Monitors Highlight Perils of Internet of Things

UPDATED

The internet of things is coming. Technology giants Samsung unveiled their new smarthome hub on Thursday, which will connect everything from bins to toasters. However, a report by security analysts suggests that increased connectivity may come with a price—and that may include the privacy of children's lives.

I.T. analysts Rapid7 analysed nine internet-enabled video baby monitors—which allow parents to keep a watchful eye over their young children—in order to test them for possible security flaws. Their report, released on Wednesday, found that all the monitors tested had critical security flaws that mean hackers could potentially access the video feed and watch the children from afar, or even disable the monitors so parents are unaware if their children are in distress. The report also points out that, if parents are controlling the monitors via smartphones connected to business wireless networks, the monitors could provide a window of opportunity for cybercriminals to access sensitive business information.

This is not the first time vulnerabilities in baby monitors have been exposed. In April, a hacker put live feeds from more than 1,000 home cameras, including baby monitors, onto a website titled "Big Brother is Watching You." In August, a family in Indianapolis reported that a hacker took control of their baby monitor and played The Police song Every Breath You Take down the line, followed by sexual noises. However, despite the concerns raised in the paper, only one manufacturer of those surveyed—Philips N.V.—responded to the report with a timeline for security fixes to the monitors when contacted by the authors.

Steve Kink, director of communications at Philips, told Newsweek that a software security update for the product—the In.Sight Wireless HD Baby Monitor B120E/37—would be available to the general public in early September. "Whilst the security vulnerabilities are a concern and are being addressed, at this time we are not aware of any consumers who have been directly affected by the issue," says Kink. Another manufacturer, TRENDnet, also contacted Newsweek to say that a firmware update for their product has been made available and that affected users should have received email notification of the update.

A third manufacturer, iBaby, later contacted Newsweek to say that various measures had been taken to improve the security of their devices, including stronger encryption, and urged users to update iBaby apps.

The internet of things refers to the idea of having household and other objects connected together so that devices can communicate to one another and offer more efficient and automated operation. However, the baby monitor report shows that there is still a way to go before people trust the technology enough to invest in the concept, according to Alan Woodward, visiting professor in computer science at the University of Surrey and a cybercrime advisor to Europol. Woodward says that current security vulnerabilities could open consumers up to a situation where malicious hackers are able to piece together a complete picture of their lives by collecting information from their internet-enabled devices.

"If you make your toast at 7.00am every morning, [and] if a burglar were able to get hold of that information, they might suddenly be able to start putting together the patterns of your life and know when you're not in the house," says Woodward. He adds that public perception around data security is not keeping up with the pace at which consumers' belongings are becoming part of the internet of things. While people are still relatively protective of sensitive information such as bank details, Woodward says consumers are too laid-back with other personal information which could be used to compromise their security. "The default situation really should be that all data should be considered private and personal and you should try to protect it," he says.

As more inanimate objects become part of the web, security flaws are being brought into sharp focus. In February, Samsung warned customers not to discuss personal information in front of their Smart TV, as it could be recorded and shared with a third party if consumers were using the TV's voice recognition software. A December report by the International Data Corporation, a technology market research firm, predicted that 90 percent of I.T. networks would experience an internet of things-related security breach in the next two years.

Mischa Dohler, chair professor of wireless communications at King's College London, says the baby monitors in the report were are examples of "sloppy design." He maintains that the trade-off between privacy and the utility gained from having an interconnected home is a price worth paying. "There is that trade off clearly, but it doesn't mean that people need to see what my kids are doing," says Dohler, who adds that security breaches in internet-enabled devices only occur when human engineers enter the loop and disable important security settings.

At present, according to Dohler, there is only an "intranet of things," where objects and devices can only be connected on an internal network, such as a home wireless network. Only when connectivity goes truly global—and someone on holiday is able to turn on the heating at their home in the U.K.—will consumers reap the benefit of the internet of things. "It will have its cost but the benefit will be massive, will really be massive," says Dohler.

UPDATE: This article has been updated to include the response from TRENDnet and iBaby.

Editor's Pick
GettyImages-1071834188

Americans Blame Trump for Shutdown: Poll

Forty-three percent of those polled said they would blame the president and the GOP, while 24 percent would hold congressional Democrats responsible; 30 percent said they'd regard both sides equally at fault.