As any new parent will tell you, baby monitors are important. They let you keep a close eye on your most precious cargo as it rolls around in the crib and they even let you talk to the little tyke. But you might not be your babys only audience.
Some smart baby monitors have crucial security flaws that allowhackersto take over, sometimes watching and even interacting with your child. The popular iBaby family of internet-connected cameras recently joined this club when a cybersecurity company found vulnerabilities in its M6S model. As of the time of this post, almost a year after being contacted about the bug, iBaby Labs still hadnt fixed the issue.
This might make you wonder: Is the sense of security these monitors provide parents worth dealing with the actual security vulnerabilities many of them have? There are also questions about AI-outfitted baby monitors designed to offer life-saving features that might actually create more anxiety for parents than they relieve. Maybe, in the face of all this new tech, its time to cut the 21st-century umbilical cord.
iBaby apparently doesnt care about security warnings
Bitdefender, the aforementioned security company, just released the results of its research on the iBaby device as part of its partnership with PCMag. The report details several ways potential hackers can remotely access iBabys monitors. They include giving hackers the ability to download recordings, to find the cameras device ID, to pull users personal information using that ID, and even to control the camera.
Alex Jay Balan, chief security researcher for Bitdefender, told Recode that iBaby should have a relatively easy time fixing these problems. However, when Bitdefender notified iBaby that its M6S smart baby monitor contained potential vulnerabilities that give hackers access to baby videos, its response was a whole lot of nothing.
Starting in May 2019, Bitdefender made multiple attempts to contact iBaby and inform the company of the vulnerabilities so the company could fix them before they became public. Bitdefender told Recode that it was never able to get in touch with iBaby, and so those issues remain unsolved. Recode had similar difficulty reaching iBaby; its press email bounced back and a call to the support line went to voicemail that, more than 24 hours later, still was not returned.
iBaby did reply to an email sent to its support email address, but the response appeared to be a form letter with assurances that the safety and comfort of your family and precious baby was iBaby Labs No. 1 priority. It then linked to a statement from September 2015 that, in addition to a promise of encryption, reads, Our monitors are hosted by Amazon Servers, therefore, the security is very high equivalent to military security. The letter was signed by Elnaz Sarraf, who is identified as iBabys co-founder and president. She left the company in 2017.
This response is especially surprising considering iBabys prominent place in the baby monitor market. The iBaby Monitor M6S camera, the model with the reported vulnerabilities, was once a top Wirecutter recommendation, and CNN recently proclaimed its M7 model to be the best wifi baby monitor. Its also currently marked as Amazons Choice.
Companies with high accountability (most recently Ring/Amazon) reply instantly, and theyre very cooperative, Balan said. Most others, however, dont have a security contact.
Smart baby monitors are increasingly popular targets for hackers
Like Ring cameras, baby monitor hacks tend to expose some of our most sensitive information. The cameras are often internet-connected, and theyre in our homes, recording our daily activities, giving voyeurs the chance to watch and even communicate with our children. This potential for abuse is perhaps what makes smart baby monitors such attractive targets to bad actors, and its also why repeated instances of lax security features on baby monitors are so unsettling.
In recent years, smart baby monitor vulnerabilities and the hacks they make possible have made quite a few headlines. A Seattle couple reported last November that their Fredi brand baby monitor got hacked, causing the camera to scan their home. An unidentified voice even said I love you to their 3-year-old child. In December 2018, a Nest camera shouted sexual expletives and threatened to kidnap the baby. And a Minnesota couple was horrified to find photos of their baby from their hacked monitor on another website in 2015.
Its not easy to say why some of the cameras dont do a better job of protecting users data, David Choffnes, an associate professor in computer science at Northeastern University who has studied smart camera security, told Recode. Often it manifests from a gap between knowing what are best practices and correctly implementing them on devices.
As is often the case with technology, you get what you pay for. In the end, many consumers purchase devices based on price, not security, Choffnes added. Until that changes, the incentives are not in place to have more security by default.
That said, the vast majority of smart baby monitors dont get hacked at all, so the odds are pretty good that your baby will make it through toddlerhood without being spied on by someone other than you. As with any internet-connected device, the chances of a hack are never nil. There are non-connected baby monitor alternatives, however, that mitigate that risk. More on that in a second.
Do AI-equipped baby monitors and smart socks save lives or make them worse?
While it seems reassuring not only to hear your slumbering baby but also to watch them breathe, theres evidence that some of the newest and highest-tech devices may create more anxiety than they alleviate and that monitor manufacturers are using that anxiety to cash in.
Take, for example, the new AI-enabled surveillance software that monitors your babys face for signs of distress, then alerts parents if it detects any trouble. Or take the AI baby monitor called Cubi. This gadget claims to be the worlds smartest baby monitor and will send you push notifications with updates when your child cries or rolls over onto their face. Cubi aggressively markets its device as a system that saves babies lives.
Then theres the Nanit Sleep System, which claims not only to monitor your sleeping baby but also to detect the quality and time of their sleep. A company called Owlet makes something called a smart sock that wraps around your babys foot and supposedly measures your babys heart rate, oxygen levels, and sleep. Theres also the Sproutling smart anklet, which offers all of those measurements as well as baby temperature, ambient noise level, and data on your babys movements.
While this data can be an attractive selling point for new parents, some experts doubt that super-smart baby devices are necessary, and theres not currently any scientific evidence that suggests otherwise.
We have the technology to do this kind of constant surveillance and hyper-monitoring, and maybe some of these technologies will help or save one kid, Kim Brooks, the author of Small Animals: Parenthood in the Age of Fear, recently told the Washington Post. But what we dont talk about is the cost. Its driving parents insane.
So, whats best for you and your baby?
Look, weve all got different priorities and concerns. If your primary issue is protecting your baby monitor from hacks, the solution is easy: Go analog.
In the days of old, parents used radio-powered walkie-talkies to monitor their children from afar, which provided audio cues of potential trouble. These gadgets were not connected to the internet, and they didnt have video. Before that, parents just used their own ears and hoped for the best. Were these better methods? That depends on what makes you more nervous: not being able to see your baby at all times or owning an internet-connected video camera that could malfunction or, in rare instances, give a random hacker access to your home.
As with buying anything, finding the right device with the right amount of features including connectivity and AI involves careful research. Wirecutter offers in-depth reviews, though we should also remind you that the now hackable iBaby M6S once made its list. Wired has picks for several types of baby monitors, including audio-only and internet-free devices. Meanwhile, Lifehacker recommends staying away from wifi models entirely.
But if after all of this, your heart is still set on a smart baby monitor or sock, try to find a device that lets you set your own password and offers two-factor authentication. Also, be sure to keep current with security updates, since they may include vulnerability patches.
Choffnes, the security camera expert, doesnt use an internet-connected baby monitor for his toddler.
Given the potential risks of devices being hacked and the numerous news stories about it happening and the lack of any benefits I perceive from having an internet connection, I cant justify purchasing such devices, Choffnes said. Except for testing in my lab.
Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.
