How safe is your baby monitor? We investigated privacy, find out what happened
24 August 2016
Baby monitors being hacked have been big news recently.
You might have heard the disturbing stories of parents reporting hearing strange voices talking to their babies or hackers remotely controlling the baby monitor's camera to follow a mum's movements around her baby's nursery.
More so-called 'smart' baby monitors (that turn your phone into a baby monitor) have come on the market in the last few years. But with reports of hacking becoming more widespread, we wanted to see whether we could get into three of this type of baby monitor.
To find out, we challenged three Which? technology experts to see how far they could get with three popular wi-fi baby monitors.
All three baby monitors were assessed for security vulnerabilities, including unencrypted data, unsecured ports and expired security certificates. The team also ran some basic tests to assess the security of admin logins and any password prompts.
The baby monitors our team investigated in our snapshot test are:
- Motorola MBP853 Connect
- MiniLand Everywhere IP
- Luvion Supreme Connect
Discover what we found in Can my baby monitor be hacked?.
How we test for baby monitor privacy
Our privacy investigation, the disturbing hacking stories and the fact that we know many parents remain potentially unaware of the security issues they could be faced with means we now send all the wi-fi baby monitors we test to an expert privacy lab.
For all wi-fi baby monitors we test how secure they are and check for any vulnerabilities you may need to know about, like unsecured data or weak password requirements and if any data could be intercepted.
Our revamped baby monitors testing also includes improved assessments for video picture quality, volume clarity and sound, as well as up to date range and signal strength testing.
Browse our latest baby monitor reviews.
Which? advice on baby monitor privacy
Hackers tend to crawl the web to find unsecured cameras, and then exploit them. They may do this for criminal gain, or just for kicks. Either way you can protect yourself from this activity.
What can I do?
Secure Sockets Layer (SSL) Certificates are essentially little data keys that lock up various digital activity, including secure connections, from prying eyes. They are used for all different types of activity, but most often in credit card transactions, data transfers and logins. You’ll know they are being used by the HTTPS in the browser name and the little padlock icon.
Our security expert says baby monitors should use SSL certificates to secure the data they are transmitting, but finds that many don’t and the ones that do sometimes have old or expired certificates. Some of these are susceptible to a 'man-in-the middle attack', where your data can be intercepted, or have known vulnerabilities or exploits.
Go for a camera that takes privacy seriously. Companies can buy secure SSL certificates from around £30 per URL, so we're not talking a big investment to make security a priority.
Too many cameras are shipped out with generic passwords. This means that hackers searching for open cameras don’t need to think too hard to get access to the camera. If neither the user nor the manufacturer sets a secure password, the camera can be wide open to hijacking by hackers. Often, with both baby monitors and wireless security cameras, the user is not properly prompted to set up a password, so this is never resolved.
Set a secure password, even if that means spending some time digging around in the menus to find the right setting. While a password is never 100% bulletproof to hacking attacks, it means that your camera isn’t low hanging fruit for the bottom feeders that trawl the internet.
See our top tips for setting a useful password
Care what you share
With any device that's opening a gateway between your life and the outside world, it's worth being more aware. Switch if off when you're not using it. Or pop a piece of tape over the camera. You don't have to worry, just be savvy.
The more consumers question retailers and manufacturers about security, the more it will get fed up the supply chain and make all manufacturers of smart devices make security a priority. So don't be afraid to question.
How we test baby monitors – find out more about the lengths we go to.