The New York City Department of Consumer Affairs is investigating the security of baby monitors; nearly five months after research demonstrated the existence of serious vulnerabilities in them. The agency sent subpoenas to several manufacturers of these video monitors this month in order to learn more about the devices, the security practices surrounding them, and whether all known vulnerabilities in them have been patched. The DCA wouldn’t confirm which companies it’s subpoenaed.
The subpoenas follow the September release of research from cyber security firm Rapid7. Mark Stanislav and Tod Beardsley identified nine different baby monitor devices as open to attacks or containing at least one serious security oversight, including the transmission of unencrypted video data. The researchers blamed a flagging bug disclosure program and patching system as the major faults behind these vulnerabilities existing for prolonged periods.
An unpleasant reality of connected-devices is that creepy hackers will attempt to find their way into most anything, and one such product of that is the creation of multiple websites for the sole purpose of live streaming footage of children’s’ rooms. As such, the DCA reminds parents to do thorough research on devices before purchasing one and to use a strong (non-default) password. It also suggests registering the products, keeping them patched, and always turning them off when they’re not in use.
Credits: the verge