Watching your baby via your 21st century baby monitor seems like the responsible parent move, but as one South Carolina mother found out, you may not be the only one keeping an eye on your household. As first reported by NPR, Jamie Summitt discovered that her baby monitor was being used for nefarious purposes. Rather than helping her to watch over her child, the monitor was watching her.
The FREDI baby monitor in question is available for purchase on Amazon and boasts a 1080P HD camera with two-way talking, infrared night vision, and motion detection. It has a 3.6-star review from 166 customers, and can be purchased for the relatively low price of $40. But clearly, it has major flaws. Summitt realized that she was no longer the only one controlling the FREDI when she got a smartphone alert notifying her that the camera was moving.
“I looked over on my phone and saw that it was slowly panning over across the room to where our bed was and stopped,” Summitt told NPR. It ultimately moved to the spot where she breastfed her son multiple times a day. It then adjusted itself again to eye the empty bed and then back to the baby’s bassinet.
While the Summitts briefly toyed with the notion that the monitor was haunted, they quickly realized that the more realistic explanation was that the monitor had been hacked. Indeed, this is by no means the first time that a baby monitor or supposedly family-friendly connected device has been used for nefarious purposes. In fact, just a few days ago, major retailers including Amazon, Walmart, and Target stopped selling a “smart” toy that was shown to be able to spy on children. This led to a leak of over 2 million recordings of kids playing with the toy.
In 2015, security analytics firm Rapid7 discovered that several baby monitors were vulnerable to a range of security issues. Not only could a hacker see what might be happening in your household, but an ill-intentioned actor could also gain broader access to a home’s internet network, stealing information from computers or other connected devices.
“We found that there were, pretty much across the board, some pretty easy-to-exploit vulnerabilities — things that have been already solved in mainstream computing,” said Tod Beardsley, Rapid7’s director of research. Baby monitors, for example, can reset to their factory default settings without warning their owners, and sometimes don’t require authentication for login or use.
“Hackers that I know and hang out with refer to Internet of things hacking as ‘hacking on easy mode,’ or ‘hacking like it’s 1998,’ ” Beardsley added. And because these devices are so easy to hack, it’s not uncommon for hackers to just scan the internet in search of unsecured devices.
“I would have never, ever bought something if I thought it was this easy of a security risk,” Summitt told NPR. “When I was making my baby registry, nobody warned me — no other mom said anything. It’s not common knowledge.”