Everyone probably knows by now that hackers can take control of your car and that OPM's systems are not a safe place to keep sensitive information. (DS&P recommends driving a pre-1990s vehicle and considering job opportunities outside of the federal government.) As if the world wasn't hackable enough, now we learn that our fancy Internet-connected baby monitors can be compromised.
Rapid7 Inc., an IT security company, recently tested nine baby monitors made by eight different companies and found serious security problems with all of them. Of the nine monitors tested, on an A to F scale eight received an F and one a D. Among other problems, some had unchangeable, publicly available passwords and some did not encrypt data streams. In addition, Rapid7 found that compromising a baby monitor could potentially give a hacker access to everything connected to a users wifi network, potentially permitting ne'er-do-wells to loop Celine Dion's latest album on your Sonos speakers, trigger the defrost on your Internet-connected fridge, and set off your new wifi ADT alarm system. They may also be able to access personal financial information stored on your home computer. For techies, parents, and especially techie parents, the full report is available online.
The study highlights the increasing data security risks posed by our interconnected homes. While the Internet of Things promises convenience and it might be (is) nice to check Jr.'s baby monitor from the bar or beach, it is important to recognize that every Internet-connected device in your home is a potential gateway that can be exploited. In the near future there will almost certainly be more robust security protocols for wifi-connected consumer products. But until then, beware your baby monitor.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.