What if you weren't the only ones keeping tabs on your child?
This agonizing question is raised by the work of cybersecurity experts at SafetyDetectives: they discovered that the video content of many baby monitors and surveillance cameras was accessible live on the Internet because of a vulgar security flaw in the design of the devices.
It particularly affects cameras which can be viewed remotely via an application.
During their investigations, in particular on the open ports search engine Shodan, the researchers came across the video streams of tens of thousands of connected cameras around the world, notably in France, Japan and the United States.
Screenshot of a camera accessible from the Internet.
"Many baby monitors and surveillance cameras, all brands combined, use Real-Time Streaming Protocol (RTSP) to broadcast live video, and poor configuration makes it vulnerable and insecure in many cases", assure us researchers affiliated with this antivirus comparison site.
"RTSP is a real standard in the connected camera industry which must be protected by a password but manufacturers are not always aware of it in their factory configuration", abounds Alex Balan, research director in security at Bitdefender Labs.
The entry level more concerned
"The cheapest models, around € 30, are more exposed because the big brands have their own proprietary protocols and employ specialists to secure their models as much as possible with a solid identification", underlines the expert.
This is where the shoe pinches: the lack of a default password on some cameras, which therefore broadcast without filter.
To be sure, it is not enough to look on the box of your baby monitor, it is necessary to follow several verification steps, fortunately very simple.
First point: unless a hacker or a malicious person has already infiltrated your home wi-fi network, you are not exposed to this risk of intrusion if the baby monitor is not available when you are at home. outside.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
How Hackers Can Take Control of Your Connected Camera
For those who like to watch what's going on in their toddler's room, you have to ask yourself two questions: do you need a password or to authenticate yourself each time the video is viewed and did you have to create a password? personalized password when you first log in?
If both answers are negative, the baby monitor's RTSP video stream is probably freely accessible on the Internet ...
So much for the theory.
But in fact, greedy hackers are more interested in the prospect of transforming this connected object into a "botnet", in order to mine cryptocurrencies or carry out cyber attacks, than by that of observing the slightest movements of a sleeping child.