
Unsafe/Vulnerable Baby Monitor Apps Exposed

Sandra W Bullock


Free Vulnerable Baby Monitor Apps

If you are concerned about the safety of baby monitor apps, you are not alone. Cases of baby monitors and apps getting hacked and compromised have been reported in recent years, causing alarm for all parents who are considering purchasing these devices.

I previously wrote about the 8 simple steps to hack a baby monitor used by hackers who take advantage of these vulnerable apps.

A recently published research report in the Journal of Cybersecurity and Privacy, titled “Assessing the Security and Privacy of Baby Monitor Apps,” conducted by Lukas Schmidt and his team, aimed to evaluate the security and privacy aspects of popular baby monitor apps. The report, released four months ago in June 2023, delves into the assessment of these apps’ security and privacy features.

Below is a snapshot of the report:

A snapshot of a Report Assessing the Security and Privacy of Baby Monitor Apps

4 Vulnerable baby monitor apps exposed

The four apps listed below have accumulated over 3 million downloads on the Google Play Store. Unfortunately, this also indicates that countless parents have unknowingly compromised their children’s safety.

  • Dormi – Over 1 million downloads with over 16,000 users giving it an average rating of 4.5/5
  • BabyCam – Over 1 million downloads and an average rating of 4.4/5 by over 24k users (this is the app that they found to lack encryption)
  • Saby app – Over 1 million downloads on the Google Play store with an average rating of 4.3/5 by 24k users.
  • Babyphone Mobile – Over 100k downloads with a 3.5/5 average rating on the Google Play Store.

Security Vulnerabilities identified in baby monitor apps:

Lack of encryption:

The researchers assessed baby monitor apps readily accessible for download on the Google Play Store. Their findings revealed a critical security concern during dynamic network analysis: certain apps, like the BabyCam app, fail to encrypt video streams when transmitting footage over the internet. This poses a significant risk to the privacy and security of users.

In layman’s terms, when the app doesn’t encrypt the data, it’s like sending a postcard for everyone to see. Anybody with even trivial technical knowledge and an internet connection can intercept and access sensitive information without much effort.

Use of primitive security systems:

The Report also revealed another vulnerability: the use of weak cryptographic primitives. These include, but are not limited to, one-way hash functions and encryption functions that can be easily bypassed. For example, the use of the MD5 and SHA1 hash functions, as well as PKCS5 padding, is widely recognized as posing significant security risks. The outdated security protocols used by some baby monitor apps make them easy targets for hackers.

To put it simply, cryptographic primitives are the building blocks of security systems. When these primitives are weak, it’s like having a faulty foundation for your house; eventually, it will collapse.
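One way to check decompiled app code for the primitives named above (MD5, SHA1, PKCS5-padded ciphers) is a small static scan over the standard Java crypto calls. This is an added example, not code from the Report or from any of the apps; the sample source and the finding names are constructed for illustration.

```python
import re

# Standard Java/Android crypto entry points; the first argument names the primitive.
HASH_CALL = re.compile(r'MessageDigest\.getInstance\(\s*"([^"]+)"')
CIPHER_CALL = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
WEAK_HASHES = {"MD5", "SHA1", "SHA-1"}

def cipher_issues(transformation):
    """Return findings for an 'algorithm/mode/padding' transformation string."""
    parts = transformation.upper().split("/")
    if parts[0] == "RSA":
        return []  # RSA strings carry "ECB" only as a placeholder; out of scope here
    mode = parts[1] if len(parts) > 1 else ""
    padding = parts[2] if len(parts) > 2 else ""
    issues = []
    if mode in ("", "ECB"):
        # A bare "AES" falls back to the provider default, ECB on common providers.
        issues.append("ecb-or-default-mode")
    if mode == "CBC" and padding in ("PKCS5PADDING", "PKCS7PADDING"):
        # Padded CBC carries no integrity check; it needs a MAC or an AEAD mode (GCM).
        issues.append("cbc-padding-unauthenticated")
    return issues

def scan(source):
    """Return (line_number, finding, matched_value) for each weak primitive."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for m in HASH_CALL.finditer(line):
            if m.group(1).upper() in WEAK_HASHES:
                findings.append((n, "weak-hash", m.group(1)))
        for m in CIPHER_CALL.finditer(line):
            for issue in cipher_issues(m.group(1)):
                findings.append((n, issue, m.group(1)))
    return findings

# Constructed sample resembling decompiled Android code (not from any real app).
SAMPLE = '''\
MessageDigest md = MessageDigest.getInstance("MD5");
MessageDigest sha = MessageDigest.getInstance("SHA-1");
MessageDigest ok = MessageDigest.getInstance("SHA-256");
Cipher c1 = Cipher.getInstance("AES/CBC/PKCS5Padding");
Cipher c2 = Cipher.getInstance("AES");
Cipher c3 = Cipher.getInstance("AES/GCM/NoPadding");
'''

if __name__ == "__main__":
    for line_no, finding, value in scan(SAMPLE):
        print(f"line {line_no}: {finding}: {value}")
```

A hit is a lead for manual review rather than proof of a flaw: MD5 used as a cache key is harmless, while MD5 used to store a password is not.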

Use of raw SQL queries:

The Report also uncovered that some baby monitor apps use raw SQL queries and user-controlled code in their WebView implementation. This means that attackers can easily manipulate the data and access sensitive information such as login credentials, video feeds, and location data.

To clarify how raw SQL queries work, imagine a key that can open any door. If an attacker gets their hands on this key, they have unlimited access to all the rooms in your house.
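The difference between a raw query and a parameterized one can be shown against SQLite, the database engine Android apps use. This is an added example, not code from the Report or from any of the apps; the table, column names and values are constructed.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cameras (owner TEXT, name TEXT)")
    db.executemany("INSERT INTO cameras VALUES (?, ?)",
                   [("alice", "nursery"), ("bob", "playroom")])
    return db

def cameras_raw(db, owner):
    # Raw query: the user-supplied value becomes part of the SQL text itself,
    # so quote characters in it change what the statement means.
    query = "SELECT name FROM cameras WHERE owner = '" + owner + "' ORDER BY name"
    return [row[0] for row in db.execute(query)]

def cameras_bound(db, owner):
    # Parameterized query: the value is bound to the ? placeholder and is
    # only ever compared as data, never parsed as SQL.
    query = "SELECT name FROM cameras WHERE owner = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (owner,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("raw:  ", cameras_raw(db, crafted))    # every owner's cameras
    print("bound:", cameras_bound(db, crafted))  # no rows: no such owner
```

On Android the same fix is to pass values through the `selectionArgs` parameter of `rawQuery` or `query` with `?` placeholders instead of concatenating them into the SQL string.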

Lack of authentication:

During the analysis, the team also identified several security issues in the establishment of secure channels, correct peer authentication, and authorization mechanisms.

To put this into perspective, imagine having a lock on your front door, but anyone with the right key can open it without any questions asked. This lack of authentication leaves baby monitors vulnerable to unauthorized access and potential hacking.

I recently wrote about our retraction of Wyze Cam as an unsafe monitor as hackers could bypass the inbuilt authentication systems in place.

Conclusion:

In conclusion, the use of weak cryptographic primitives, raw SQL queries, and lack of proper authentication make both WiFi and non-WiFi baby monitors unsafe for use. Parents must research and invest in secure baby monitors that use updated security protocols and have robust authentication mechanisms.

Final Word: Most baby monitor apps are not safe:

While the study didn’t get to study all available apps for Android and iPhone devices in detail, the researchers concluded that the apps that have over 500,000 cumulative downloads have various serious security vulnerabilities and are not safe.

Below is a quote from the Report’s conclusion:

“Although we expected a high level of security and privacy protection due to the privacy-sensitive domain of baby monitoring, this study discloses several security and privacy issues in the most popular baby monitor apps on the Google Play Store … there are no essential security mechanisms in some of the mobile apps examined, threatening user privacy”

What this tells you as a parent:

  • Do not rely on free baby monitoring apps. They are mostly built with weak security infrastructure.
  • Invest in a secure baby monitor that uses updated security protocols and has robust authentication mechanisms.
  • Ensure that the app you download on your phone, for baby monitoring or otherwise, specifically states that it encrypts data.
  • Do thorough research before purchasing a baby monitor and pay attention to the security features it offers.
  • If you are getting a baby monitor app that comes with a physical camera, make sure it states that it encrypts data.
  • Go for baby monitors with WiFi that guarantee at least AES 128-bit encryption, but preferably AES 256-bit encryption.
  • Insist on 2-factor authentication for any monitoring app – baby monitor or home security systems.
  • Keep all your devices, including your baby monitor, updated with the latest software updates. This helps ensure any security vulnerabilities are patched in a timely manner.