Weak Baby Monitor Security Subject of FTC Internet of Things Study

King & Spalding

On January 19, the Federal Trade Commission posted the results of a small study of baby monitor security, finding that four out of five devices tested did not have basic security procedures in place.  The FTC warned that such weak security could allow a stranger to hack the video feed and see inside the home.  The baby monitor study is the FTC’s latest foray into the Internet of Things (“IoT”) under the Office of Technology, Research and Investigation, which was launched in 2015.

The FTC notes that of the five monitors studied, only one required a complex password.  Three of the five did not lock down the device after repeated incorrect password attempts.  Two of the five did not encrypt the data flowing between the monitor and the router and one did not encrypt the data flowing between the router and the internet. 

These vulnerabilities could allow a stranger to intercept video and audio signals to peer inside the homes of unsuspecting parents.  Indeed, there have been several incidents in the past few years in which attackers used internet-enabled baby monitors to scream obscenities at toddlers or parents (reported here and here, for example).  It is quite possible that many more incidents of baby monitors used silently as cameras have gone unnoticed.

The FTC post gives consumers tips on how to choose a baby monitor with adequate security, but did not identify the brands that were tested.  There is no indication that the FTC is considering enforcement against any baby monitor manufacturers, but the Commission’s continued focus on the IoT is notable.  The post follows closely on the heels of the FTC’s first PrivacyCon event in Washington, DC, during which Chairwoman Edith  Ramirez’s opening remarks focused on “[t]he new generation of products we see in the marketplacefrom smart appliances to connected medical devices to semi-autonomous cars….”  Companies that manufacture internet-connected devices should continue to monitor FTC activity in this area while ensuring that their own products utilize appropriate security procedures.

Reporter, Tom Randall, Washington, DC, +1 212 556 2195, trandall@kslaw.com.

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.