If you’ve already heard them, I’ll spare you the recap of the baby monitor hacking horror stories. There’s nothing more stomach-churning than the thought that your baby’s room isn’t completely safe from intruders. But the fact is, if you have a baby monitor in the room, it might not be.
Video baby monitor hacking stories get lots of airplay on local news and instantly forwarded to me by my older relatives. What’s different about these stories is that the risks they identify are real.
These confirmed instances are chilling enough to make you want to run upstairs and unplug the baby monitor in your kid’s room right now. I almost did.
But after taking stock of the security measures I’d already put in place, I decided it was OK to keep using my baby monitors. The risks are real, but they are manageable.
Don’t get me wrong. I’m not immune to a little paranoia. For instance, I do have a Post-it covering the webcam on my laptop. (Seriously, when are they going to put little plastic shutters on these by default?). But my position on baby monitors is this:
Once you understand how hackers get into baby monitors and webcams, you can make a more informed decision on whether or not the security risks are worth the convenience. So, before you start warning all your friends and kids to stop using baby monitors, read through this post. Or better yet, forward them this one instead of the sensational story from your local news channel.
I have a problem with a lot of the way the media covers these stories. They are more clickbait than cautionary tales, and the advice they offer is cursory at best. The point of this post isn’t to shock and scare you—it’s to inform and prepare you.
How Hackers Access Baby Monitors: Dumb vs. Smart Monitors
There are two major kinds of baby monitors out there. There’re the simple intercom style baby monitors that are walkie talkies with a baby bear logo on the box. And then there’re the somewhat newfangled Internet-enabled baby monitors that integrate with your smartphone via your wireless router.
The attack vector for older walkie talkie/intercom type baby monitors (which I still use) is pretty simple. The dumb monitors are the radio equivalents of two tin cans on a string. All someone has to do is find the string and then put their can in the middle. That is, hijack the frequency and start playing death metal over it or something. There are two big limiting factors to the dumb monitor hack, though. First is hardware. Right now, every kid over the age of 5 has a device that can use internet protocol (what smart baby monitors use). But to hijack a dumb baby monitor frequency, you’ll need to be somewhat handy with some gadgets you bought at RadioShack. The second factor is the range. You have to be pretty physically close to the baby monitor for it to work. For example, if I stand in my driveway with the receiver for my baby monitor, I’m too far away for the signal to work.
So, if someone starts hijacking your “dumb” baby monitor, go run out into the yard and find the little punk with the walkie talkie who’s doing it and tell him you know where he lives, and you’re calling his parents.
That’s all old news.
It’s the internet-connected video monitors and baby cameras that are making all the headlines lately. These are called internet protocol (IP) cameras because they use the internet and your local area network to communicate with your smartphone. The attack vector against these “smart” baby monitors is much broader. Now, it’s not just older brothers and neighborhood kids pranking you. If a dumb baby monitor is two tin cans and a string, a smart baby cam is a tin can, and the string is the World Wide Web. Internet-connected baby monitors are potentially vulnerable to the full range of trolls, creeps, and criminals across the globe. And we all know that those people can be just absolutely reprehensible.
Internet Protocol Baby Monitor Security Issues
Every time I start talking about security with Steve, he starts doing his Shrek impersonation.
Ogres Security measures are like onions.”
It’s all about the layers.
When it comes to your IP-enabled baby monitor, having just one stinky layer of insecurity can invite all the hackers. Then, your webcam could end up on some shady forum with links to hundreds of insecure webcams all across the globe. They exist. Don’t look for them, if you value your soul.
At a very high level, here are the layers that apply to your video baby monitor. This comes from the fact that your video baby monitor works by connecting to your home wireless router, which I’m assuming is connected to the internet.
- Normal internet access to your router (Firewall protected)
- Video baby monitor access (Password protected, or better yet, disabled)
- Remote baby monitor access (Password protected, or better yet, disabled)
- Remote administrator access to your router (Password protected, or better yet, disabled)
- Video baby monitor access (Password protected)
- User/administrator local access to your router (Password protected)
- Wired (Password protected)
- Wireless (Password protected)
- Video baby monitor access (Password protected)
As you can see, in all cases, the attacker gets access to your baby monitor by first getting access to your router. So, the first and obvious layer of protection is to secure your wireless router. After that, there’s more you can do. But before we get into that, let me explain to you how the hackers can get in.
If you don’t care about all that, feel free to skip ahead to the Video Baby Monitor Security Checklist.
Compromising Your Router Security
When an attacker gets administrative access to your router, it’s pretty much game over for every device connected to it. Your baby monitor might be the least of your concerns. But to stay on topic, most baby monitors are configured by accessing their administrative “backstage” via your router. If a hacker gets access to your router, they can then start monkeying around with the security settings of your baby monitor.
Here’s how they can get in:
An attack via unauthorized internet access to your router is the least likely to occur. All routers use Network Address Translation (NAT) to filter out unauthorized incoming traffic. The only exception here is if you’ve purposefully gone in and enabled port forwarding or created a demilitarized zone. You’d usually only do this for programs like BitTorrent clients or high bandwidth online video games. If you don’t know what these are, ask your teenager if he or she did any of these things to your router. If not, you’re probably OK. You can check your router’s settings pages to make sure, though.
An attack via remote access to your router is similar. In the same way that you can set up your baby monitor to be legitimately accessed via the internet, you can have your router’s administration page accessible via a wide area network or the internet. This is in lieu of accessing your router’s configuration page by connecting to it directly via a wired or wireless connection. Unless you’re an IT administrator for a business, there’s practically no reason you need to do this—it just makes you more vulnerable. Go ahead and disable this feature in your router’s settings page. If you don’t ever remember enabling it, then it’s probably already disabled. It’ll usually be called something like “remote setup” or “Allow Setup over WAN.”
An attack via local access to your router is the same as remote access to your router, except a hacker will need to be within WiFi range or able to plug directly into your router. This is rare, but don’t rule it out—think about open houses, parties, house sitters, etc. If you have an open wireless network, meaning anyone can connect without a password (why? why? why?), then your neighbor can get in as they please. Even if you have wireless passwords enabled, someone could plug into the router via an Ethernet connection, crack your router admin’s password (or use the factory default, if you haven’t changed it), and then go to town.
Compromising Your Baby Monitor Security
Let’s assume now that the hacker has access to your router and therefore your baby monitor’s configuration. Just like your router has default settings that protect it from unauthorized traffic, your baby monitor will usually have these protections in place out-of-the-box. But many video baby monitors also have UPnP and port forwarding settings that can be enabled to make the camera less secure.
Also, if you haven’t set a password for your baby monitor or changed the factory default password, someone can easily access the camera now that they have router access. They can continue using the known factory default password or put in their backdoor account.
Now, up until now, we’ve been dealing with unauthorized access to your router via the internet. A lot of these smart baby monitors enable you to legitimately access your baby monitor via the internet. That is, say you’re at work or on a date or something, and you want to look at your little sleeping angel from your phone. This is a feature you can enable from within the video baby camera’s software settings. But I don’t think you should. The bandwidth and security implications of enabling this feature are too great if you don’t know what you’re doing. So just save yourself the risk and don’t use your video baby monitor as a nanny cam. Just text your babysitter and ask how things are going, okay?
The problem with enabling Internet access to your baby monitor is that it vastly simplifies the work a hacker has to do. Instead of penetrating your router, then gaining administrative access to your router and then administrative access to your baby monitor, they just have to crack the password that you set for remote access to your baby monitor. It’s a bit like leaving a key under the doormat by your front door. If it’s easy and convenient for you to access, it’s easy and convenient for hackers to access.
Video Baby Monitor Security Non-issues
So, all that should give you a good idea of how hackers can get into your baby monitor. It’s pretty much simple home wireless network security stuff. There isn’t anything inherently dangerous about baby monitors that isn’t also true for all the devices on your home network. The difference is that the temptation to maliciously prank is much higher, and the creep factor is extra high. If you simply treat your baby monitor with the same vigilance as your phone, your laptop, and your tablet, you should be OK.
Simply having a video baby monitor in the house doesn’t immediately open up a window to the world. Plus, you don’t have to worry about someone intercepting the digital video signal over the air. Digital video baby monitors use encrypted signals. It’d be way too hard for someone to crack these, and they’d need to be within signal range.
Video Baby Monitor Security Checklist
Whether or not you read all the slightly technical mumbo jumbo I just wrote, there are some pretty simple steps you can take to make your video baby monitor secure. Do them one at a time, and if you need help with your particular baby monitor model or router model, check the manufacturer’s documentation or leave a comment. If you are leaving a comment, just make sure you get your question answered before connecting your device.
- Secure your wireless router. I could write an entire post on this. But fortunately, Andre already did so I don’t have to: Secure Your Wi-Fi Router Now With These Security Tips. Along those lines:
- Update the firmware for your router.
- Disable remote access to your router. Don’t let it be configured from anywhere but right inside your house, connected to the wireless or wired network.
- Set a password for your baby monitor, if you haven’t already (why? why? why?). You should also make sure you have a strong password
- Change or remove the default login. Some cameras and routers have default login information, something stupid like “root” as the user and “password” for the password. Even if you’ve set up your login information, you should make sure that the old default login credentials have been removed or changed.
- Update the firmware for your camera. The steps for doing this are different for every manufacturer. Shoot me a message if you need help.
- Disable DDNS on your camera, if it has it.
- Disable port forwarding or UPnP on your camera, if it has it.
- Disable remote access to your baby camera. It’s convenient but unnecessary. And if you don’t have an unlimited data plan, it’s going to be expensive, too. Sending video feeds over the internet to a phone eats up a lot of data. If you are adamant about using remote access to your camera, make sure you do the following as well:
- Change the port that’s used to access your camera. The default is 80, and that’s the one that hackers will check first. Change it to something above 8100, if you can.
- Periodically check the logs for unauthorized access. When you are looking at your log, look for unusual things, like IP addresses you don’t recognize or strange access times (1 PM when you weren’t even home, for example).
If you address all the items above, you should have protected all the typical attack vectors to the best of your ability.
Did I miss anything? Let me—and your fellow groovyPost readers—know in the comments section.