Before the end of the first quarter this year, the IoT-focused search engine Shodan released a feature which let its users gain access through cameras connected to the web. This posed a vulnerability, with security researchers discovering a set of security threats which directly affect devices such as baby monitors.
Analyzing products from six different vendors, researchers from Rapid7 assessed the suite of products whose prices range from $55 to $260 and found out that these devices can be remotely accessed through backdoor intrusion, a method that involves bypassing authentication on a device. These vulns (vulnerabilities) were first discovered by the security firm late September, 2015, with market-level baby monitors such as Philips In.Sight B120/37, iBaby M3S/M6, TrendNet's Wi-Fi Baby Cam among the list of devices open to hackers.
The threat to family privacy remains as baby monitors become more advanced, equipped with movable cameras and microphones that record and send packets of data to parents or users, data which can then be intercepted by malicious attackers. What's more worrying is how these sets of live-fed data can be streamed online, just like the news of Russian website Network World which allowed users to view over 73,000 camera feeds from exposed baby monitors.
Almost nothing has changed since, as baby monitors today are still open to attack. As cited on Krebson Security, with the release of the Internet-of-Things botnet named "Mirai", more wirelessly-connected devices are open to cyber attacks. Botnets are remote networks or clusters of networks which are made up of remotely-controlled, automated programs called "bots". Computers and other devices are infected through malware normally distributed through downloads.
Some solutions to this threat are as simple as changing the default passwords that come with the devices. This greatly improves your device's security because most of these attacks are done by crawling through default password lists from a manufacturer's database.