We buy them to help watch over the most precious, vulnerable people in our lives, but as baby monitors have become more convenient for parents (incorporating wifi, internet controls and cloud video storage) they've also become more vulnerable to security threats.
The security of the devices we use to watch our children has become a hot topic this week after one mom's Facebook post about her monitor went viral. Jamie Summit says her baby monitor was hacked, and an unknown person had watched her and her baby without her knowledge.
"The camera itself is able to be turned 360 degrees and can be moved remotely from the app simply by dragging your finger across your phone screen," Summit wrote in her post, which has now been shared thousands of times.
She describes how she had given her husband and sister-in-law access to the app that controls her FREDI baby monitor, so when she saw the camera moving on previous occasions she'd assumed one of them was responsible. But when the camera started moving while the three of them were together, Summit felt sick to her stomach.
"I had the app pulled up and was watching Noah sleep in the bassinet in our room. I was in the living room with the only two people who had access (or so I thought) to the monitor. All of a sudden I noticed out of the corner of my eye that the camera was moving...and it was panning over to our bed. The exact spot that I breastfeed my son every day. Once the person watching realized I was not in bed, he panned back over to Noah asleep in his bassinet."
Summit and her husband unplugged the baby monitor and called the police but soon found they were locked out of the app, presumably by whoever had been accessing their account and camera controls.
Hacking baby monitors is not uncommon
It's a startling story for parents, but security experts are hardly surprised by the viral tale. A 2015 case study of internet-connected baby monitors found that the devices—and other connected household items known in tech circles as the Internet of Things—are particularly vulnerable to security breaches.
Although the exact device Summit used was not tested during the study, one of the authors of that case study, Tod Beardsley, says that wifi-connected baby monitors are often missing modern safeguards found in other devices like phones or laptops. "Hackers that I know and hang out with refer to Internet of things hacking as 'hacking on easy mode,' or 'hacking like it's 1998,'" Beardsley told NPR.
The company that makes the FREDI baby monitor has so far not responded to inquiries from Motherly.
So what can parents do to ensure we're the only ones watching our baby?
Beardsley tells NPR that until manufacturers get serious about safety, he recommends parents go old school and use baby monitors that don't connect to the internet at all. In cases where parents really feel that's necessary, he recommends the Nest camera, as that company has a good track record of taking security concerns seriously.
One of Beardsley's colleagues, Mark Stanislav, who was also involved with the baby monitor research, told Wirecutter he personally uses a radio frequency, or RF monitor (like the Infant Optics DXR-8 or Samsung SEW3043 BrightView HD), instead of a wifi-enabled device due to the security issues. He cautioned that even those lower-tech monitors are not 100% secure, but that there's "a very small risk to your average parent" with that kind of baby monitor.
Beardsley says it's quite sad and unfortunate that companies have not stepped up their security game in the years since his case study, and many parents agree. Until they do, experts suggest we forgo wifi, but if we must, make sure you're using unique passwords and keeping your device updated.