back to article IoT baby monitors STILL revealing live streams of sleeping kids

Internet-connected baby monitors are riddled with security flaws that could broadcast live footage of your sleeping children to the world and his dog, according to new research. Mark Stanislav, a security researcher at Rapid7, discovered numerous security weaknesses and design flaws after evaluating nine different devices from …

  1. Pascal Monett Silver badge

    And that's how you make good publicity for yourself

    Philips and Weaved are the names I will be recommending on this point - if ever it crops up around me.

    1. David Austin

      Re: And that's how you make good publicity for yourself

      Agreed - I was disappointed to see Philip's name in the list, as I'd expect better from them, but their pro-active response put a lot of that confidence back.

  2. Anonymous Coward
    Anonymous Coward

    Ugh, IoT strikes again.

    I've kept our monitor as low tech as possible. Simple DECT base station night light and microphone pickup with a receptor unit at the other end. No cameras or speakers of any kind (I'm of the view that you should physically check your little person from time to time instead of relying on cameras and microphones). If anyone ever bothers hacking that, they'll hear shuffling and farting.

    1. Anonymous Coward
      Joke

      If anyone ever bothers hacking that, they'll hear shuffling and farting.

      Try moving it further away from your bed and closer the the baby's

    2. Anonymous Coward
      Anonymous Coward

      Or in the case of my lad...random chuckling and thudding at 3am as he kicks ten bells of shit out of his cot.

  3. Little Mouse

    The illusion of safety

    With the whole setup seemingly contained within your own four walls - monitor upstairs, smartphone/tablet downstairs, everything hooked up to your local WiFi - you can understand how many people might not realise that the internet is a factor, or even consider that there may be security implications.

    It makes me glad that I dodged this particular bullet by a few years. The worst thing that happened to me with our baby monitors was picking up the very faint, crackly sound of someone else's crying child.

    I can testify that hearing a "ghost" baby crying as if from miles away, over the speaker when you're particularly sleep deprived at sod O'clock in the morning, can be seriously unnerving.

    1. mythicalduck

      Re: The illusion of safety

      everything hooked up to your local WiFi - you can understand how many people might not realise that the internet is a factor, or even consider that there may be security implications

      Why should they? If I plug anything into my LAN (or connect via WiFi), I don't expect anything to be able to connect to it from the internet, unless I set up port forwarding.

      1. Martin an gof Silver badge

        Re: The illusion of safety

        everything hooked up to your local WiFi - you can understand how many people might not realise that the internet is a factor, or even consider that there may be security implications

        Why should they? If I plug anything into my LAN (or connect via WiFi), I don't expect anything to be able to connect to it from the internet, unless I set up port forwarding.

        Because most people have never heard of UPnP, let alone turned it off.

        M.

        1. Voland's right hand Silver badge

          Re: The illusion of safety

          Because most people have never heard of UPnP, let alone turned it off.

          Exactly. Most of the fecking cameras will kick off a UPnP request to have some ports forwarded and will set themselves open to the Internet do you like it or not. The actual "portal" which you "access" to see you sprog from the Internet (and which you consider "secure") is just a redirect to your (already on the Internet) camera.

    2. Anonymous Coward
      Anonymous Coward

      Re: The illusion of safety

      <BBzzzt crackle>....are you my mummy.....

      1. David Austin

        Re: The illusion of safety

        Nononono Nope.

  4. future research

    Why do you need one?

    Never saw the point in them in the average house. Baby's have a loud cry on them anyway, so you just need to keep the doors open and keep the TV at a sensible volume.

    Marketing for the win.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why do you need one?

      Ever had a child? They're handy devices and you'd be surprised at how easy it is to drown out the sound of crying (though it doesn't seem like it in the dead of night).

      For example: you've put them to bed. You've gone downstairs and into the kitchen. You need to cook and you put on the extractor fan and it's quite loud. You could turn it off, but then you'd need to open a door or window because the heat, moisture and smells build up as you cook. Also, to stop it spreading around the house generally, you'd close the door to the kitchen. That's enough to drown and muffle the sound of whimpering or crying.

      1. Little Mouse

        Re: Why do you need one?

        Because they're fun?

        Jill: "Put that down - It's not a toy!"

        Trevor: "It's not a toy. But we could use it as toy..."

      2. gw0udm

        Re: Why do you need one?

        We never used ours. I took the view that if you couldn't hear them crying then it couldn't be that bad... They usually stop if you leave them long enough anyway!

        I can't believe the amount of paranoia that people have with video monitors, pressure pads, heart rate monitors etc. The human race has survived thousands of years without such things.

        1. strick1226
          Alert

          Re: Why do you need one?

          I rather thought the same thing... until we very nearly lost our two-month-old son to sleep apnea. That kind of thing was hard to detect with an audio/video monitor alone.

          After we randomly found him half blue one night we installed a breathing monitor that clipped onto the front of his diaper that would, upon detecting a lack of chest movement, first vibrate strongly a series of pulses, to evoke a response on his part and then, failing that, beep loudly and continuously in order to alert his loving parents to this situation.

          We only had it go off three times all in all, but the combination of that breathing monitor and the babycam audio/video monitor is what made all the difference for us. Thankfully, he outgrew the apnea thing several months later altogether.

          Two years later now, I still shudder when I think about it. I can't help but wonder if so many of the mysterious crib deaths (SIDS etc.) of the past weren't related to these sorts of medical things. I'm grateful for the technology.

        2. Allan George Dyer
          Boffin

          Re: Why do you need one?

          @gw0udm "The human race has survived thousands of years without such things."

          Well, millions, in fact. But there is a distinction between the race surviving, and particular individuals experiencing evolution in action. Gross sentimentality, I know, but if you're happy with "the human race" surviving, my genes have an advantage.

      3. future research

        Re: Why do you need one?

        Ever had a child? They're handy devices and you'd be surprised at how easy it is to drown out the sound of crying (though it doesn't seem like it in the dead of night).

        For example: you've put them to bed. You've gone downstairs and into the kitchen. You need to cook and you put on the extractor fan and it's quite loud. You could turn it off, but then you'd need to open a door or window because the heat, moisture and smells build up as you cook. Also, to stop it spreading around the house generally, you'd close the door to the kitchen. That's enough to drown and muffle the sound of whimpering or crying.

        Got 2 Kids thanks. We eat with the kids before they go to bed, but in your example but you can still open the door every 5 minutes an listen out for them, if you are doing something noisy that would drown the sound out. But even today, in our new house with closed firedoors that block out the sound quite well, they can still wake me at night, of I can hear them above the TV.

        1. Anonymous Coward
          Anonymous Coward

          Re: Why do you need one?

          Baby monitors are too stressful anyway...that bastards hold their breath deliberately.

      4. Anonymous Coward
        Anonymous Coward

        Re: Why do you need one?

        Kids have been crying for 1000's of years and parents coped. Crying doesn't harm a child. If it takes the parent a couple of minutes to show up, then that child learns patience. Jumping to attention because your baby farts is stupid. So are baby monitors. I am really glad I was born when I was because all this over protective parenting would have ruined my childhood. Kids can't walk to and from school, but are allowed out to play by themselves? where is the logic. /rant over.

      5. Terry 6 Silver badge

        Re: Why do you need one?

        Yes, you should have a baby monitor. An old fashioned low tech sound carrying job. Very useful for peace of mind. But IoT crap ffs NO!

    2. fruitoftheloon
      Stop

      @FR: Re: Why do you need one?

      Future research,

      How old are your kids?

      Cheers,

      Jay.

  5. tony2heads

    FM radio versio

    Before the camera thing was around I had some workmates who cobbled together a low-power FM transmitter at the edge of the band where there were no stations (almost certainly illegal) so that next door neighbours could keep an ear out for problems & phone you on an evening out.

    Of course ALL the neighbours could here it, and if they could identify the baby, would know you were away - but it was a quiet village with no burglary problem

  6. Bob H

    Motorola

    I've got a non-IP Motorola camera monitor for my little one, it is good because you can see what he's up to. He's not much of a crybaby so it is helpful to know what he's up to.

    The thing that stands out to me is that the box says the audio is encrypted, but the fact that it explicitly calls out the audio as being secure must mean that the video is insecure. I really need to get out the ol' spectrum analyser and see what the video looks like.

    1. Anonymous Coward
      Coat

      Re: Motorola

      Can't you just do that with a TV?

  7. Anonymous Coward
    Anonymous Coward

    Camera option can be useful for adult monitoring. Good way to monitor someone with severe illness / disability who can get into problems but not be able to make much noise to communicate the issue.

    So, although you are not woken by any sound, if you wake in night you can quickly check image on camera monitor e.g. bathroom break (or more likely force of habit as get in routine of periodic waking to check monitor)

    (AC for obv reasons as refers to real world scenarios real ill person)

  8. Cynic_999

    Good for monitoring teenager's rooms as well. Or for teenager's to monitor parents to see if one is heading toward their room.

  9. Commswonk
    Facepalm

    Re: The illusion of safety

    Why am I unable to read all this without thinking "Praia de Luz"? Would devices such as these make the situation better or worse?

  10. The Vociferous Time Waster

    My way of parenting...

    [my way of parenting] is better than [your way of parenting] so I am going to criticise [your way of parenting] and tell everyone how much better [my way of parenting is]

    Guys, just do what works and leave others with kids of a different age/temperament to do what works for them.

    1. alexdonald

      Re: My way of parenting...

      Hear hear...

      Sorry, obviously I mean +1... oops

  11. druck Silver badge

    Get a good router

    I bought a cheap Chinese camera, in the full knowledge that their remote server would have more holes than Swiss cheese. But I've got a good router with a firewall that allows me to block every UDP and TCP port that the camera tries to open. The only way the camera can be accessed is on the local network or via an encrypted VPN.

    Only trouble is the cheap crap broke within 6 months, so its back to the audio only DECT based monitor.

  12. Jediben

    All wrong. No harm can come from this scenario. Fear mongering at best, outright bullshine at worst. Nothing to see here, as I commented the last time this non-issue appeared on El Reg.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like