Is your baby monitor secure?

It may be time to update an old lullaby with a new stanza: “Hush little baby, don’t say a word, unless your Wi-Fi baby monitor is well-secured.”

Why? It turns out that some baby monitors that broadcast live audio and video feeds over the internet have few security protections. Nobody wants a monitor that lets you keep an eye on your baby from your computer or mobile device if it allows a stranger to hack the feed and watch, too.

The FTC’s Office of Technology, Research and Investigation looked at five baby monitors. Only one required a complex password. The others allowed users to access the monitor with simple passwords – including the ever-popular “p-a-s-s-w-o-r-d” – making them vulnerable to hackers. To make matters worse, three of the five allowed repeated entry of incorrect password attempts. Basic security procedures call for locking down an account in response to multiple password failures to prevent hackers from trying to guess the password.

A baby monitor sends its feed to your home wireless router, then the router sends it over the internet so that you can view it remotely. Two of the five baby monitors didn’t encrypt the feed between the monitor and the home router, and one didn’t encrypt the feed from the router to the internet. The result: additional vulnerabilities.

How can you make sure that your monitor only serves as eyes for you and the people you trust? Here are a few tips:

Make the monitor’s security features a priority. When shopping for a baby monitor, look for ones that use strong security protocols to transmit audio and video feeds to your home wireless router and to the internet. WPA2 is a standard wireless security protocol for home routers. To protect the feed on the internet, make certain the monitor uses an industry standard encryption protocol, such as SSL or TLS. Check the package or contact the manufacturer to find out.

Use the monitor’s security features. Once you’ve purchased a monitor with good security features, use them! Keep the monitor’s software current and check its password settings to make certain that it requires a password. Then, choose a strong password and enable the monitor’s security features so that it encrypts information transmitted via the internet.

Access the monitor securely. When accessing the monitor from a mobile device, confirm that your app is up-to-date and consider password-protecting your mobile device as well.

We have more tips about buying and using internet cameras, including baby monitors, pet cams, nanny cams, and other security devices. Check them out, so both you and your baby can sleep easy.

Comments

I bought baby monitors to catch a neighbor that was getting into my house and going through my personal and business information. It worked for about a week but it kept going down, I spent over 6 hours on the phone with the tech customer service resetting the system over and over and over and over. Apparently it was hacked so that I could not bust the person I knew was invading my privacy and personal rights

I agree, it worked for about a week but it kept going down.

Please specify which five were examined?? "Two of the five baby monitors didn’t encrypt the feed between the monitor and the home router, and one didn’t encrypt the feed from the router to the internet." How can we use the important information FTC gathers and shares if we don't know which ones you are talking about?? Thanks!

You can use the blog tips to help you choose  - and use - a monitor with strong security features, no matter where you shop.

Follow the links in the blog to find lots of useful information about wireless security protocols for home wireless, how to create strong passwords and other considerations when you're buying internet-connected devices.

I install mornitor

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.