Is that wireless baby monitor really ‘hack-proof’? Hardly
Baby-proofing your apartment is hard enough. Hacker-proofing it shouldn’t be difficult.
But new parents today are swimming in marketing pitches for wireless, radio frequency baby monitors, several of which either overpromise or underdeliver on security claims, according to a survey by security company Independent Security Evaluators.
“Most of the monitors on [our] list make at least some security claims,” says Ted Harrington, who examined security claims for ISE at the request of The Parallax and BestReviews.com, which is running a detailed summary of each product ISE surveyed. “None provide any sort of validation, third-party security assessment, or any other method of substantiating the validity of those security claims.”
ISE surveyed five popular baby monitors: the Infant Optics DXR-8, AngelCare AC 420, VTech Safe&Sound, Graco Secure Coverage Digital, and Samsung SEW-3043W BrightView. None of their manufacturers returned requests for comment.
As we saw in February with MouseJack, an exploit of a critical vulnerability in wireless keyboards and mice, using radio frequency connectivity instead of Bluetooth or Wi-Fi doesn’t guarantee safety. Mary Landesman, a security researcher with more than 20 years’ experience, says her time serving in the U.S. Coast Guard showed the incredible range of radio frequency signals.
“I worked an SOS in Virginia on 500CW [continuous wave]—pretty short range—and it turns out that the guy was in the Mediterranean,” she says. “Due to the inconsistencies of radio wave propagation, you actually have the potential for much longer-range interception.”
To be sure, most of the monitors BestReviews.com tested struggled with reception at 100 feet, not thousands of miles. But more often than not, their signals can extend beyond your home’s walls. A 2015 study of radio frequency vulnerabilities highlighted the ease with which they can be intercepted using a cheap baby monitor or even a $15 hardware kit.
For its survey, ISE focused on the security claims of the baby monitors; it did not perform tests to determine whether vulnerabilities actually exist in the products. But introducing overly broad claims can mislead consumers and obfuscate a product’s actual features. And conversely, not addressing parents’ security concerns can turn them away.
“Until the companies are hearing very loudly that security is a priority, they’re not going to address it,” says Ally Downey, CEO of WeeSpring, a parent-sourced product reviews site.
ISE’s baby monitor findings
Infant Optics’ claims, Harrington says, are “extremely misleading.” The DXR-8 relies on wireless radio frequency. The company states on its website that its products are “100 percent secure. We specialize only in non-Wi-Fi baby monitors. Our products are hack-proof.”
The danger in making claims that something is 100 percent secure or hack-proof is that nothing actually is, Landesman says. “The naivete to make that claim is concerning. It will lull consumers into a false sense of security.”
AngelCare takes a different tack. Instead of publishing misleading claims about its baby monitor security, the company simply doesn’t address security on its site.
Not talking about security doesn’t improve security, Harrington says. “It’s important because claims about security inform buying decisions. Claims need to be both present and accurate.”
While hackers might find it “useful” to know which security protocols are in use, Harrington says that knowledge does not instantly grant them access. “To not make security claims would not prevent a hacker from getting in.”
VTech, which found itself in hot water last year over website breaches that exposed more than 4.8 million parents and more than 6.3 million kids’ user data to hackers, claims that its Safe&Sound products use the DECT 6.0 cordless-telephony standard so that “only you” can hear your baby through the monitor. However, Harrington says DECT 6.0 is used to “increase range and reduce interference” in wireless devices and, by design, it supports multiple handsets.
In theory, he says, an attacker could register another handset to the Safe&Sound base and eavesdrop on the baby monitor.
Graco did not elaborate on its website which security features are included in its Secure Coverage Digital monitor. It does not back up its claims to provide “secure digital technology for optimal clarity, performance and privacy.”
Samsung makes one claim about the security of the SEW-3043W BrightView on its website: “The Pure Digital Signal utilizes a 2.4GHz frequency to provide secure and interference-free rechargeable battery.”
“This claim does not make sense,” Harrington says. “The [radio] frequency, battery, and security of the system are not related in this context.”
Parents still rely heavily on radio frequency wireless baby monitors because they’re reliable and haven’t been hacked the way that Wi-Fi baby monitors have, with websites dedicated to broadcasting video from exploited cameras, Downey says.
“It’s no surprise that somebody could just jump in and listen in, but I’m more concerned with Wi-Fi,” she says. “Parents complain about battery life, and whether or not the signal cuts in and out. Their paramount concern is whether or not they feel they can trust the baby monitors. I haven’t come across any complaints about the signal being intercepted.”