13

There are, from time to time, stories in the media about baby monitors being hacked. The hacker can for example gain access to the video feed and be able to interact with the monitor.

While I understand that completely protecting yourself from any type of hack, my basic question is: What are some things that one can look for in a baby monitor (audio and video) that will help prevent a hacker from gaining access? (I am assuming that no one untrusted has physical access to the monitor.)

I understand that just because a monitor has a feature it is useless unless it is used.

As an example: some monitors use WEP, but from what I can guess, this actually isn't safe(?)

techraf
  • 9,141
  • 11
  • 44
  • 62
Thomas
  • 3,841
  • 4
  • 22
  • 26
  • 8
    The security of baby monitors over Wifi, especially the video ones, is **notoriously bad**. Steve Gibson discusses this in episode 563 *IoT Infancy (pt.2)* of [Security Now](https://www.grc.com/securitynow.htm). His advice: postpone purchase, or see if you can buy an older model that does not use Wifi, but radio. Still not secure, but a little better. (BTW There are text transcripts on that page that make it easier to scan though). –  Jun 18 '16 at 09:56
  • 4
    @JanDoggen The original report is actually from Rapid7: https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf And the problem is with remote (Internet) connectivity, not the fact that they are wifi. – schroeder Jun 21 '16 at 16:00

4 Answers4

4

The most common things are default configuration and outdated software.

So, in order to be safe, first be sure that you are using the latest software provided by the vendor.

Then change the default configuration. This include users and passwords, ports and any other relevant option you see.

Finally, be smart. Don't allow external traffic to that device if you are not going to use it outside of your home.

Basically, "hacking" of these kind of devices follow the steps I just described:

  1. Use Shodan to scan for the device (that is, the device is reachable from Internet)
  2. Try to log in using well-known default users.
  3. Look for the software version and check if there is any vulnerability reported for that version, and if that's the case, check if there is an exploit available for it.
The Illusive Man
  • 10,487
  • 16
  • 56
  • 88
  • 3
    While these are great tips once you have a device, it doesn't really answer the question of "what to look for" before you buy (which seems to be the question) – schroeder Jun 18 '16 at 20:46
  • 1
    @schroeder Before purchasing the device, one thing he may need to do is some research about the vendor. What technologies does it use? Is it known to have been vulnerable in the past? Etc. – The Illusive Man Jun 19 '16 at 09:29
4

The problem here is that most people who buy baby monitors plan on using them in their home, and most people don't do top secret stuff in their home - they reserve that for their corporate office or government agency type stuff. I also wouldn't recommend wireless security cameras either because they're seen as a low cost alternative to wired, mostly used in public places where people wouldn't normally discuss trade secrets. Most high security organizations don't use wireless security cameras because they are trivial to jam with off-the-shelf equipment.

Even if your WiFi network itself is secure, many wireless cameras allow people to login over the Internet (Internet of Things), and figuring out how to change the default passwords and picking a secure one might be too much effort if the included software is hard to use, and that's assuming the website doesn't have vulnerabilities or worse - allows the company itself to spy on you (if it was designed by one in China). A wired one isn't much effort to setup anyway since the computer is in the same room.

Therefore, I wouldn't recommend any baby monitor or wireless security camera (except maybe a hypothetical one made by Apple or Google) if I had millions of dollars at stake here. Furthermore, the two options below allow you to access the baby monitor anywhere you have Internet access.

Option 1:

Connect a security camera with night vision I recommend this one via USB or Ethernet to a computer in the room, configured to automatically answer video calls How to do it in Skype from your phone, tablet, or laptop.

If you don't have a spare computer in the baby room, you can get an old Thinkpad running Windows 10 - $154 on eBay. I picked a laptop because a typical desktop would cost $84/year in electricity if it's on 24/7, while a laptop might cost only $15/year.

If you want the baby to see you, you can put an external monitor next to the baby (preferably bolted or taped down so it can't fall on the baby). If you need a longer USB cable (unlikely), here's an active cable

IMHO, this setup is best because it has night vision - great when the baby's sleeping. It also gives you the ability to record your baby on multi-terabyte external hard drives via screen recording software so you can share video and pics of the baby with your friends or on social media. (Note that I'm not familiar with setting up screen recording software to automatically record when there's movement though.)

Option 2:

If you don't need night vision or recording, you can use a smartphone configured to automatically accept video calls. I recommend a Nexus because they can immediately get Android security updates and Skype might not always wake up an iPhone (which would require it to be always on). You can also get an older model for cheap Remember to keep it plugged into a charger.

If you're having problems with WiFi speed or range, I recommend an ASUS RT-88u or an ASUS RT-68u as they have 100+ feet of range

Footnote:

For the wireless network, keep in mind that an attacker can guess 100,000 WPA2 passwords per second on an AMD 5970 (a $600 gpu released in late 2009), so I'd use a 12+ character randomly generated password generated with LastPass or 1Password (or this tool. Because you should only need to type the password once per device connected, a hard to remember password shouldn't be a problem (I'd write it down in your password manager or in a computer somewhere) I recommend putting the wireless cameras on a separate network so you don't have to give visitors to your home the password to that network (if their equipment gets hacked, a hacker could know your WiFi password). ASUS routers can host separate networks on the same router.

Important: If you're going to connect to the baby monitor on an open WiFi network or are using it on a cellular network (stingray attacks) a VPN is required. I recommend ExpressVPN since it's probably the fastest, with PureVPN in second place.

Now, if you think someone's motivated enough to camp outside your house for the duration of the eavesdropping, laser microphones pose a real threat, and I'd get something to block the outside of my windows and put up a fence around my property so people can't put in a bug very easily, and hire 24/7 security guards. Of course, most people worried about those types of attacks also have their private conversations in interior rooms, use special sound blocking foam on the walls, and try to live in neighborhoods where a car parked on the street would be abnormal.

genealogyxie
  • 431
  • 3
  • 13
  • Given that OP made reference to using WEP, I think this goes far beyond what the OP is asking for. Not bad ideas, but probably not appropriate for the audience/use case. – Jesse K Jun 21 '16 at 17:19
  • 4
    Given that the OP has 1.4k rep on the Information Security site, I think he should be able to find his way around a wired webcam and Skype – genealogyxie Jun 22 '16 at 08:11
3

Some very specific suggestions:

  • A device that is not accessible via the internet is going to limit the physical range of threats. Wired, RF, or even bluetooth based devices will likely fall into this category.

  • If you do use a WiFi based monitor, make sure your home wireless network is secured at a basic best practice level, and that the monitor supports the same. This means keeping your router firmware up to date, disabling remote login to your router, changing default accounts/passwords and ONLY supporting WPA2. Use randomly generated passwords. These shouldn't take you more than an hour to take care of, and these features will be available on any modern router.

  • Check the monitor vendor's website for updates. If they're posting updated firmware for the monitor on a semi-regular basis, that's a good sign. Make sure you install any updated firmware.

  • Consider disabling remote access features, depending on your use case. Also consider blocking the ports/protocols that the camera uses at the router if you are only planning on using it within the house.

  • Encrypt all traffic, both at any kind of authorization layer and the video streams. I would hope that the vendor indicates support for this, and I would view it as a negative if they do not mention it. This can be done in different layers, as mentioned by @schroeder - but it's best if you know that it's done by the applications the monitor runs. Relying on bluetooth or WiFi encryption alone may be sufficient if you're only using it in-house.

  • Try to determine the authorization model: do you have to log in? Who hosts the login page? What does that get you access to? Be suspicious if you have to go through the vendor, but not too suspicious - they can do security better than you, but they're also a bigger target.

Jesse K
  • 1,068
  • 6
  • 13
  • "Also consider blocking the ports/protocols that the camera uses at the router if you are only planning on using it within the house" This really should be in bold and on the first line ;-) The insecurity in the tone of the question rests solely at the feet of situations where this was not the case. Cameras blocked at the firewall are perfectly secure (just possibly not as useful as desired) so this is the solution the OP is looking for – Jeff Meden Jun 21 '16 at 17:27
1

Keep these things in mind:

  • How does it wirelessly connect to the internet ? WEP should be fine if you are only concerned about remote hackers, but still is considered generally insecure. Think about this: If the camera's wifi security is outdated (WPA and WPA2 have been around for a long time), what else will be insecure?
  • What kind of authentication does it have. If the camera connects to the internet, can you change the passwords (if any exist). Does it have 2 step authentication? Does it have any at all?
  • How do you access the baby monitor? Do you access it through a portal online, or do you have to port-forward your router to the baby monitor. If you have to access it through a portal, is it secure? If you have to port-forward it, will it stop a remote hacker from accessing it?
  • Does it receive firmware updates from the manufacturer? Sometimes you can find it downloads on the manufacturers website. Check the date of the latest firmware update if it even exists.
  • And most importantly, Is the manufacturer reputable? If you care about security, you may have to pay more for it. Don't buy the cheapest camera on the block, or the first one you see. The expensive one may be just as secure as the cheapest one available. Be willing to pay more, but don't blindly jump for the most expensive baby monitor available. The manufacturer is the key to security.

If you don't need to connect it to the internet, you don't need to worry. The hacker will have to be near your house to access it. That is a rarity when it comes to spying on your baby monitor. Just change the password (if you can), and you should be fine. Even if you gave the remote hackers the password, they couldn't access it if your device is offline.

k9lego
  • 151
  • 3