One would think the bed of a family’s most vulnerable member — a baby — would be safe from cybercrooks wanting to steal personal data.
Well, that’s not true.
FortiGuard Labs, which operates a cybersecurity data centre in Burnaby, has found at least one baby monitor that has crawled into cribs.
“In September 2021, we noticed attacks attempting to exploit a remote code execution vulnerability in Motorola’s Halo+ Baby Monitor,” the company said in its Global Threat Landscape Report released in February. “The attacks that followed allowed actors into one of the most intimate parts of people’s homes via full access to the baby monitor’s display device, camera, accompanying app, and data shared between the devices."
Derek Manky, FortiGuard’s chief security strategist and vice-president of global threat intelligence, said the issue resonates on the privacy protection front.
“It’s a baby monitor today; what’s tomorrow?” he asked.
The Motorola model had a remote access flaw, the reported noted.
One might argue it’s just a baby monitor and that the baby has nothing to hide.
But Manky said the monitor could be used as a jumping-off point; crooks use it to gain access to other home devices that are connected across the home computer network. The cyber expert pointed to phones, watches, fridges, toys, medical sensors and doorbells being hacked.
With the surge in home-based work due to the COVID-19 pandemic, the number of home devices has also surged, broadening what is known as the "attack surface" that cybercrooks can target, Manky added.
Manky stressed not using default passwords on such devices. Change them, he said.
And make sure companies providing such devices have software upgrades and patches to fix vulnerabilities fraudsters can use to get into your home systems.
One thing people can do is use the segmented zones on routers. Use a variety of zones to isolate your devices, he explained.
