Baby monitors – an unexpected employer risk

One research firm says the “harmless” home gadgets could pose a serious security risk to employer networks.

Over the past few years, employees have increasingly identified flexibility as the most desirable workplace perk, and just one of the ways HR leaders have responded is with bumped-up maternity and paternity packages.

Now, it seems there may be a hidden risk to letting doting new parents work from home – baby monitors.

In a recent report, Rapid7 – a Boston-based security data analytics company – reviewed nine models which let users check in via a smartphone or other device. All were found to have critical vulnerabilities.

The researchers, who spent several months analysing the devices, then scored them on a 250-point scale for overall security and translated the scores into standard academic grades. Eight of the models received an F and one got a D.

According to the report’s authors, these weaknesses have the potential to expose employer networks to hackers – in turn leaving valuable and sensitive data unprotected.

The Rapid7 report stresses how shaky security is when it comes to physical objects embedded with electronics, software, sensors, or connectivity – often referred to under the umbrella term ‘the Internet of Things.’

"IoT devices, unlike traditional computers, often lack a reasonable update and upgrade path once the devices leave the manufacturer's warehouse," wrote Mark Stanislav and Tod Beardsley, adding that the networks such devices are connected to are rarely used to deliver security patches.

This, they warn, is a serious problem.

Since many homes now double as second workplaces, those weaknesses are putting not only personal data at risk, but organizational data too.

"We advise individuals to use any camera that has not been fixed for identified issues or weaknesses sparingly—or preferably not at all—until the vendor is able to fully address identified problems," the researchers wrote in an FAQ.

"If a baby monitor allows a password to be changed, the device owner is highly encouraged to ensure that they do so and make a strong password to protect access," they added.

The models reviewed included:

· Gyonii (GCW-1010)
· iBaby (M3S)
· iBaby (M6)
· Lens (LL-BC01W)
· Philips (B120/37)
· Summer (28630)
· TRENDnet (TV-IP743SIC)
· WiFiBaby (WFB2015)
· Withings (WBP01)