Serious Concerns Over ‘Smart’ Baby Monitors Being Sold By Retailers
Serious concerns have been raised after it was revealed that ‘Smart’ baby monitors being sold in Australia can be hacked in minutes.
There is also concerns about security cameras and thermostats after Israeli cyber security researchers were able to easily track down access passwords online.
They said that the ease with which criminals or paedophiles can take control of devices in the home is ‘truly frightening’.
The flaw in these devices was exposed by experts at Ben-Gurion University of the Negev, Israel, who examined off-the-shelf internet of things (IoT) devices and quickly uncovered several serious security issues.
IOT devices are products that connect, communicate or transmit information over the web, they are also an in-demand category at Australian retailers.
The researchers tested sixteen popular brands of IoT connected devices just to make sure that their conclusions were right.
‘Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products,’ study lead Dr Yossi Oren said.
‘It is truly frightening how easily a criminal, voyeur or paedophile can take over these devices.’
The team discovered that similar products under different brands often share the same common default passwords.
Consumers and businesses rarely change these passwords when purchased and they could be infected with malicious code for years without them realising.
A June 2017 Which? study in the UK tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.
The survey of 15 devices found that eight were vulnerable to hacking via the internet, Wi-Fi or Bluetooth connections.
Among them were some of the biggest brands being sold in Australia.
Which? said ethical hackers broke into the CloudPets toy and made it play its own voice messages.
They said any stranger could use the method to speak to children from outside.
Australian Police have told SmartHouse that they are concerned by the findings.
Researchers have been able to logon to entire Wi-fi networks simply by retrieving the password stored in a device to gain network access.
‘It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,’ study co-author Omer Shwartz said.
Manufacturers of so-called IoT products – which include physical devices, vehicles, home appliances and other items that connect and exchange data – rarely protect them from simple cyber-attacks, researchers said.
Mr Shwartz added: ‘Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.’
‘We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices,’ Yael Mathov, another researcher on the project, said.