Hackers could use baby monitors to watch your kids too, security experts warn

Some video-streaming baby monitors aren't safe from hackers, a security researcher finds, and it doesn't matter how much you paid either. Experts say this is part of a trend indicating poor security in Net-connected household devices.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read


Security researchers warn that hackers could use baby monitors to watch your children sleep as well.

Steven Musil/CNET

As if caring for a baby wasn't stressful enough, security researchers have now found that several models of baby monitors are susceptible to hacking too.

The research, conducted by cybersecurity company Rapid7 and released Wednesday, looked at a range of products, both in capability and price, that stream video of babies in their cribs over to screens monitored by parents and other caregivers. The company found that seven of them had flaws that could let hackers see that video stream too.

Experts said the flaws are one more example of the lack of security in the realm of gadgets that can communicate with the Internet, a trend known as the "Internet of Things." Whether it's a smart thermostat or a connected refrigerator, the devices are landing on store shelves without standardized security controls, potentially putting customers at risk, experts say.

Web-streaming cameras are no exception. "This means they are either completely exposed, or leave room for attackers," Einaras Gravrock, chief executive of home Internet security company CUJO.

Mark Stanislav, a senior security consultant at Rapid7 who conducted the research, said companies are starting to realize they need to agree upon standards that will make Internet-connected devices more secure, but it won't be immediate.

"We're seeing movement in the right direction," he said.

Aside from the obvious concerns about hackers peering into your home, there are other things this kind of breach can lead to. Some hackers, for example, have breached baby monitors in order to yell at infants and caregivers, something Stanislav said is likely exacerbated by poor security.

There are also larger potential threats, because a camera has a tiny computer inside it that talks to the Internet. If someone took it over, they could use that device as a portal into your home or work, stealing sensitive information.

To protect themselves and their babies from being spied on through their baby monitors, parents should keep the device's software up-to-date at all times, change any default passwords and even consider unplugging the device whenever they're not actively using it, Stanislav said.

Consumers should also remember that baby monitors and other Internet-connected devices won't tell you if they've been compromised. So even if you're doing everything right, security still isn't guaranteed.

"There's almost no way you as a consumer will ever know," Stanislav said.