In December, a Houston couple was in their baby’s room when they heard a voice coming from their baby monitor. They ran to their child’s room, turned on the light, fearing that someone was in the house. When they did, a voice beckoned them to turn the light off. It then told them it was going to kidnap their child.
Baby monitor hacking horror stories are far from unique. A couple in South Carolina experienced a similar situation this past June. In a more recent case, a couple heard expletives coming through their child’s monitor. All are illustrative of a growing trend: As parents invest in tech they believe will protect their families, the risk of hacking and security vulnerabilities goes up.
No one is more aware of the shifting landscape in home and family security than Theresa Payton. The former Chief Information Officer to President George W. Bush and CEO of Fortalice Solutions, she has spent her career advising companies on issues of security.
“Parents have the assumption that these devices should just be secure,” the mother of three says. “The fact is that these are still so easy to get access to.”
So how can parents keep their baby monitors from getting hacked? Payton offered a variety of tips to ensure the products parents use to keep an eye on their children are safe from prying eyes and typing fingers. “There are a few things that can be done,” she says, “and they do not require a security engineering degree to know how to do.”
According to Payton, the below advice applies to more than just baby monitors. Many electronics in the home now include cameras which need to be secured and updated regularly.
“A lot of this advice applies to any device that you could have around your family,” Payton says. “Be thinking of that as you’re setting up your nanny cam: there are other things that could be used to put your family under surveillance.” Here are here best practice tips for keeping your baby monitor secure.
Register Your Device
If there are security vulnerabilities discovered after a product has been released to market, the manufacturer may issue a recall or a patch — but you won’t hear about either unless you’re in contact with the company. “You’ll want to get that notice right away,” Payton says, suggesting register your product immediately before it’s overlooked and forgotten.
Be Sure Your Baby Monitor Has an Encrypted Connection
“The main thing I want everyone looking for is whether or not the manufacturer offers an encrypted connection,” Payton says. She explains that all the password protection in the world won’t be helpful if there is a massive national data breach for that company or device. Encryption ensures that even if hackers get footage, they won’t be able to see the details of it.
Shut off Baby Monitors and Security Systems Regularly
Once a week, Payton recommends that parents power down their surveillance cameras and power it back up. This action allows the devices to grab security patches and updates, installing them to correct any weaknesses while increasing efficiency. “It lets it become the latest and greatest,” she says.
Assign Your Baby Monitor an Email
Just after the unboxing, Payton says to assign your device its own email address. This way, should a primary email be hacked, thieves won’t have access to the systems.
Change the Factory Passwords
Often hackers will have records of factory passwords, and they will try every one in the hopes of gaining access to a neglected system. Head them off at the pass. “You need to change the password,” Payton says, emphasis dripping off every word.
Create a Strong Password
“If you take four random words and string them together, that often times is easier to remember and is still considered a strong password,” Payton says. “You will remember them better, but it’s not a sentence, it’s not your favorite sports team, and it’s something you’ve got a better shot remembering.” Back them up with any one of numerous great password managers.
Set Up Personal Alerts
Payton recommends setting up a Google Alert for your baby monitor’s company and model. That way, you can quickly get information on any major issues with the device on a large scale. It’s a set-it-and-forget-it means of protection, but one that will keep you updated on any security risks that might exist,