There must have been more than a few parents uneasily eyeing their smart baby monitors in the past couple of weeks.
The monitors, which connect to your home’s wifi network and are accessed via an app on your smartphone, have become increasingly common in recent years, giving parents a way to check on their child no matter where they are in the world.
Reports of wifi-enabled baby monitors being hacked and strangers having access to the camera feed are not new, but it was the subject of discussion on RTÉ1, bringing home to parents the risks posed by connected cameras.
Viewers of Claire Byrne Live last week heard about Michaela Beirne’s experience with her Owlet smart baby monitor, where someone unknown to the family gained access to the camera and began to mess around with its video feed and settings.
One night, she said, the app displayed an empty cot instead of her sleeping one-year-old son. “My mind went to ‘He’s fallen out of the cot, how did this happen?’ My partner’s went to ‘There’s an intruder in the house,’ ” she said. Beirne and her partner, Dean, raced up the stairs, but found their child sleeping peacefully.
A small LED light that indicated someone was streaming the monitor’s footage was displayed on the camera. It was then they realised that someone had access to the monitor.
Then other things began to fall into place. Beirne said the app had notified her that the temperature in the room was too low, so she had put extra covers on the baby; a short while later, it told her the temperature was too high. And there was some indications that whoever had access to the app had been watching the stream before.
“There’s a little LED indicator so when the camera is streaming, when someone is looking at it through the app, it’s red; when there’s nobody it’s blue,” Beirne said. “We had been in bed the night before and we noticed it turned to red. Someone was actively watching the live streaming.”
After the incident the next night, Beirne unplugged the camera and got in touch with the company about the issue. In a statement read out on the show, the company said it was working with the customer “to address her concerns”, and detailed the various security measures it had in place.
But while the incident may be the most recent, it certainly isn’t the first time that wifi monitors have hit the headlines for the wrong reasons.
Degree of risk
What should serve as some sort of relief to parents is that these experiences are relatively rare and most wifi monitors will only be accessed by people known to the parents. But as with all internet connected devices, there is some degree of risk that the camera can be hacked.
It’s not just baby cameras we have to worry about: there have been numerous reports about security flaws in internet-connected security cameras that have left people open to being spied on or harassed.
In June last year, UK consumer watchdog Which? warned that about 3.5 million internet-connected security cameras in the country were at risk of being hacked, even if users had changed the password. About 700,000 were in Europe, with the majority in Asia. The issue seemed to stem from the app accompanying the cameras, which included brands such as Accfly, ieGeek and SV3C among others. The flaw in the CamHi app was still a risk to those who had changed the default password on the camera, usually the first – and effective – line of defence against hackers.
While the invasion of privacy is bad enough, it isn’t the only risk. The growing number of internet-connected devices that are popping up in our homes could also be used in online attacks. By exploiting poor security or vulnerabilities in connected devices, hackers can create a botnet – an army of zombie devices that could include security cameras,smart TVs and home automation sensors – that can be used to co-ordinate a massive cyber attack.
Take the Mirai botnet. In 2016 a large part of the eastern US coast suffered a major internet outage after a DDOS (distributed denial of service) attack was levelled at internet infrastructure company Dyn. The attacks came in waves, with tens of millions of IP addresses bombarding its servers with malicious requests and overwhelming the system until it simply gave up.
The botnet was made up of millions of IoT devices, with its creators scanning the web for vulnerable devices
It all seems a bit overwhelming, and weighing the risks it seems the best thing we can do is unplug the broadband modem and resolve to live a simpler, less risky life. That may be a little drastic, though, particularly in a time when our lives are so restricted that online is the only outlet we really have.
There are some steps that you can take to help protect you from prying eyes without resorting to drastic measures. All this advice comes with a caveat: even if you do everything the experts advise, you may not be able to prevent a hacker gaining access to your devices.
It will, however, make it significantly more difficult, in the same way that locked doors and windows won’t always keep burglars out but instead throws up enough obstacles to make your property a less attractive prospect.
The first port of call is always your home wifi hub. You might have thought to change the password on your wifi network, but what about the admin password on the hub itself?
Each broadband router has admin settings, accessible through your web browser, that allow you to customise your home network, from renaming the wifi and splitting the 5Ghz and 2.4Ghz into…