Cover up your baby monitor, hackers are on the loose.
It’s 8 pm. You break out your finest bottle of red and sit down for the first time since returning home from work to take care of your one-year-old son. Before loading up the latest episode of Eastenders, you tune into your Fredi Wi-Fi baby monitor to check he’s fast asleep. You think it’s just you watching, but you’re wrong.
Joe Bloggs is also tuned into the feed. You’ve never met him, but he knows you. In fact, he knows everything about you – from where you live to where you shop. He’s even seen the embarrassing tattoo on your inner thigh. That’s because Mr. Bloggs has been following your life like a soap opera ever since you installed the Fredi.
Fortunately, that’s not quite a true story, but it could well be as researchers have found various flaws in the Fredi Wi-Fi baby monitor that allow hackers to remotely connect to the device and use its built-in camera without authentication, supporting a mother’s claim that her unit was hacked and used to spy on her family.
Related: Best Security Camera
“Unfortunately the device ID does not look very secure,” the researchers wrote. “Plus the default password is neither randomly generated nor device-specific. Unless the user has changed the password to a secure one, anyone can log in and interact with the camera by ‘trying’ different cloud IDs,” they added.
The investigation also found that the Fredi creates a backdoor into home Wi-Fi networks. Once uncovered, hackers can connect to other localised surveillance systems and even mine connected devices – like computers and smartphones – for sensitive data, including credit card numbers, messages and even pictures.
So what can customers do to stay safe? Research firm SEC Consult says that changing default passwords and keeping an eye out for suspicious hardware activity should do the trick, but we’d advise going a step further by ditching the Fredi and investing in something a bit more respectable, like the Philips Avent uGrow.
Think your baby monitor has been hacked? Let us know the details on Facebook or Twitter @TrustedReviews.