Nanit Hacking & Other Baby Monitor Hacking Stories

Stories Of Hacked Baby Monitors 2009 to 2022

Analysis of several stories of hacked baby monitors covered by CNN, FOX, NBC, BBC & Washington Post, among others.

Wondering how often baby monitors get hacked? Very often.

In fact, one study showed that it only takes about 98 seconds to hack an unsecured baby monitor that uses Wifi.

Let’s start discussing with some of the biggest brands

Can Nanit be Hacked?

Unless your home network is not secured, it is very difficult to hack Nanit baby monitor as it has AES 256-bit symmetric-key encryption, the highest level available for baby monitors. The advanced encryption standard of the Nanit baby monitors makes it hard for hackers to get access to its signals. The AES stands for Advanced Encryption Standard and it was introduced in 2001 and the great thing about it is that only the key that encrypts the data is the only key that decrypts it. A few other baby monitors have this advanced encryption standard.

It has become way too common to hear news stories of baby monitors getting hacked. This comprehensive analysis of vulnerable and hackable baby monitors details most of the reported hacking incidences since 2009 and will inform you on how you can be safe.

Most of the recently hacked baby monitor brands such as Nest, Fredi, and Summer Infant are wireless wifi baby monitors. These digital devices transmit their data using E801 protocol that hackers can access if the voice and video signals from the baby camera are not encrypted.

Buy on Amazon

Nanit Pro Smart Baby Monitor & Wall Mount – 1080p Secure Wi-Fi Video Camera, Sensor-Free Sleep and Breathing Motion Tracker, 2-Way Audio, Sound and Motion Alerts, Night Vision, Includes Breathing Band

Buy on Amazon

List of Hacked Baby Monitors Since 2009

Here are is a list of horrifying hacked baby monitors:

Hacking is one of the risks associated with owning a baby monitor. There are other risks though and if you are still wondering whether baby monitors are safe, you can read our baby monitor safety guide.

Fredi Baby Monitor Hacked – A South Carolina Mom Says

The story reported by NPR in June 2018 describes a 24-year old mum from South Caroline, Jamie Summit who woke up only to realize the baby monitor camera pointed right at her. The camera moved back and forth and she realized on the phone that the camera was panning across the room. The baby monitor involved was Fredi baby monitor.

A hacker was controlling the camera remotely. The story is really scary as the mother and the child may have been spied on for a number of days without their knowledge. The hackers were able to control the camera of her Fredi Wi-fi Baby Monitor, a monitor with warranty information specifically mentioning that their device does not put “personal information at risk”. SEC Consult, a vulnerability Lab conducted tests on Fredi wifi baby monitor and found flaws that allowed attackers to remotely connect to the device and control the camera without authentication.

Apparently, the baby monitor’s feed could be accessed online with an 8-digit device number/ID and a default password.

As you can see from the picture of Fredi, alongside, the device IDs are not secure at all. You can see the ID and the password is just ‘123’. I think it is worth noting that Fredi Wifi Baby Monitor is retailing at a significantly low price (check price today). The Chinese company that provided the firmware for Fredi baby monitor also manufacture generic home, mini and outdoor cameras. I could not locate any information about whether there have been improvements on Fredi Wifi baby monitor and whether they’re now safe from hackers.

Below is a post that Jamie wrote following the Fredi monitor hacking

Nest Baby Monitor Hacked: Child Threatened with Kidnapping

CNN and Washington Post reported a hacker who manipulated a Nest camera that Ellen and Nathan Rigney use to monitor their 4-month-old son on Dec. 17 2018 in Houston, Texas. This story was reported by Washington Post and it was one of the many cases where Nest Cameras have been manipulated. The hacker told the mum “I am in your baby’s room.”

Chicago Tribune reported another story of Nest baby monitor hacking in February 2019. The hacker, a male with a deep voice was speaking to the baby. Another popular story of Nest camera hacking is that of a Phoenix man speaking with a Canadian hacker over a Nest cam (View count: Over 200,000).

Nest’s Response To Hacking Incidences

Nest responded to home security hack incidences such as the two above in February 2019. In relation to the hacking of Nest Cam IQ and Nest Secure, it responded indicating that there hasn’t been a ‘grand hack of the company’, and below is what part of the email it sent out to customers:

“For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently. “

Nest Email

Nest indicated that the stories of hacked Nest cameras are not Nest’s fault but customers’ faults. They quoted cases where parents had reused account passwords. Nest additionally mentioned that they pro-actively disable access to accounts that have been compromised. The nest itself claims that its data is encrypted but the signal can fall in the wrong hands if the login credentials are compromised.

In a 2017 update, Nest added 2-factor authentication aimed at preventing third-party hackers from hacking the Nest camera or the Nest thermostat. Although it was initially optional to opt for the 2-factor authentication, new accounts being created now require users to set it up. With 2-factor authentication, a numeric code is sent to the cell phone associated with the account. This, of course, relies on the notion that you, the real owner would have sole access to the phone. Nest is currently one of the best-selling Google Home baby monitors of 2019 and has sold over 11 million units since 2011.

How to Secure Nest Camera From Hacking

1. First make sure you change the router name, your network name, and the network password.
2. Change your camera password
3. Activate WPA2 encryption protocols on your router. We propose that you set up a guest account and your main account. You can use the guest account to enable you not to disseminate your main password far and wide. Consider getting a VPN service or purchasing a mesh system which makes it easy for you to know the devices that have access to your network.
4. Nest uses AES 128-bit encryption and Transport Layer Security (TLS) to connect to the cloud, high-level encryption that many institutions use, including NIST.
5. Update firmware regularly

Man Sues Summer Infant for Hacked Baby Monitor

In 2009, The Wired reported of a man called Wes Denkov who proposed a class action lawsuit against Summer Infant, manufacturer and Toys ‘R’ Us, the retailer. Wes had realized that his camera feeds were showing up on a neighbor’s baby monitor whenever it was set to the same channel. The particular brand of baby monitor appears to have been removed from Summer Infant’s website. The newer version of Summer Infant baby monitors appears at the moment. The Summer Infant video baby monitor that was hacked had cost Wes under $100 according to the new article.

Foscam Baby Monitor Hacked – A foul-mouthed hacker scare a baby

In 2013, CNN reported a story of a hacked baby monitor in Houston, Texas. The couple Marc Gilbert and his wife heard voices coming from the baby’s room. The hacker called the baby by her name and harassed her, and her parents, with insults and profanity. Fortunately, the baby didn’t hear a thing as she was born deaf.

Foscam IP Camera Hacked, Hackers Wakes Up Baby

In April 2014, Fox News (Fox 19) reported a couple in Cincinnati, Ohio who felt violated after a hacker hijacked the baby monitor and woke up the baby by screaming at her. Heather and Adam Schreck were woken to hear a man screaming “wake up baby.” Watch the moving interview of the terrified mum below. The child, Emma was 10 months old at the time. This story has been watched more than 670,000 as of this publication.

MiSafes Camera Hacked

Gizmodo (UK) reported a story in February 2018 of a hacked Misafes security camera. The camera is currently not available on Amazon as you can see here

Motorola Focus66 Hack

In 2016, researchers managed to hack Motorola Focus 73 and Motorola Focus 66 and they managed to get access to control features of the camera including full control of the pan-tilt-zoom were able to redirect video feed and movement alerts.

Motorola wifi baby monitors and cameras are products of Binatone Global, the current owner of the Motorola brand. Motorola baby monitor users including FOCUS 66 and FOCUs 73 users have cloud connectivity via Hubble App that hosts its data in the Amazon cloud. Among the features that Motorola cameras give you are remote controlling of the camera and users can choose to get phone push notifications.

The researchers found out about the Motorola baby monitors that were hackable:

“The private Wi-Fi security key is transmitted unencrypted over an open network, using only basic HTTP Authentication with username “camera” and password “000000,” while a number of legacy webpages on the camera revealed that the device is based on the same hardware as a legacy baby monitor product.

With detailed investigation, the researchers obtained root access to the camera—the root password was “123456.” Further digging provided access to the home network Wi-Fi password in plaintext as well as factory wireless credentials for secure test networks. “

Infosecurity Magazine

The Extent of Video Baby Monitor Hacking

In 2014, Russian based hackers streamed thousands of online videos from baby monitors, home security cameras and webcams online. The videos were from over 100 countries and this showed the extent of baby monitors vulnerability and prompted the US and UK governments to respond, warning parents to adhere to security protocols that would safeguard their privacy.

Is it easy to hack a baby monitor?

In 2016, Rob Graham showed how it only took 98 seconds to hack and get access to the video feed of a baby monitor. That’s less than 2 minutes! A year later, in 2017, a data security firm, Rapid7 released a vulnerability report of nine baby monitors that could be easily hacked.

In 2016, a New York State Consumer Agency warned parents to set their passwords instead of using default passwords to secure their baby monitors.

Baby monitors allow parents to watch and listen to their baby at the comfort of their home or workplace but perverts can also enjoy watching, listening or even speaking to your kid. Apart from watching your baby, hackers can also watch your entire house and robberies and online data leaks have been reported because hackers can take your personal details to facilitate a crime.

Watch this Netflix documentary about a pervert who just enjoyed watching other people:

How Hacking Works:

If you are trying to hack a baby monitor, you’re simply trying to get access to signal between the baby unit and the parent unit in order to use the control features of the camera or the microphone and/speaker to talk to the baby. Smart wifi baby monitors, which tend to feature a camera, microphone and speaker, pass live feeds through a user’s wireless router and over the Internet in order to be seen by parents remotely on a smartphone or other dedicated display unit. Without adequate security protections in place, hackers can use the camera and microphone to spy on babies and use the speaker to communicate with them.

Baby monitors have evolved from when transmission entirely relied on radio frequencies to the current over-the-internet signal transfer. In the past, radio transmitters were paired with a receiver with very low frequency  (no more than 2.4 GHz) and it limited the range of signal transfer thereby limiting eavesdropping.

The biggest advancement that baby monitors went through was the addition of video. This allowed parents to not just hear sound from the baby’s room but also view the baby. Other features were added such as night vision to make possible for parents to even view their babies when they are asleep at night.

With the emergence of the internet and smartphones, the parents can now view their babies from anywhere as long as they were connected to the internet and this is where the vulnerability came in. You may wonder who would want to hack a baby’s camera but if the recent events have taught us anything, it is that criminals take advantage of the tech loopholes to steal personal information, invade in parent-child privacy and try to communicate directly to kids.

4 Steps to Hack a Baby Monitor

In order to get access to your baby monitor feeds, the hackers do the following;

1. Get a baby monitor that uses 2.4 GHz frequency. The 2.4 GHz frequency is an unlicensed frequency band and there are many devices that use the frequency. The hackers really just need the receiver of the baby monitor (or the parent unit).
2. Once they’ve got your baby monitor, they power it using the batteries of the AC power. Most unsophisticated hackers set the account on their baby monitor to default as this will match with those of several other parents who opt for the default account created by the manufacturer for purposes of support.
3. When they’ve powered the monitor and the account is now active, they then try to scan to find a baby monitor that can pair with their receiver. Most baby monitors that use the 2.4 GHz frequency will pair with the receiver.
4. Once they find an unsecured baby monitor, they click “pair’. Depending on the receiver they are using it may give them access to remotely control the baby monitor in the baby’s nursery. They can adjust the camera viewing angle and if the baby monitor has two-way talk-back feature, they can even speak to the baby or the parent in the nursery. Some hackers have woken up the baby while others have disturbed the baby almost all night that the baby doesn’t get any sleep.

How to hack into a wireless security camera

• Power your receiver
• Scan the network on 2.4 GHz frequency to find unsecured security camera – You can walk around your neighborhood
• Once the receiver finds the security camera, click ‘pair’
• It should take a few seconds to pair. Once paired, see if you can control the camera

Ip Camera Hack List

• Axis.
• Panasonic.
• PanasonicHD.
• Linksys.
• Mobotix.
• Sony.
• TPLink.
• Foscam.

How to know if a baby monitor has been hacked

1. Check your camera and see if it rotates abnormally – If you had installed the camera to face your baby and all of a sudden, the camera is facing you (instead of your baby) consider disconnecting your baby monitor as hackers may already have access.
2. Check for any unusual voices from the microphone in the camera – You can expect only the voice from your baby but if the transmitter unit microphone has some voices, it is possible your baby monitor is being hacked.
3. The music coming out from the baby monitor – Some hacked choose to play music to the baby once they get access. A popular story described a hacker who played the song, ” before the parents realize that the baby monitor got hacked and someone had been playing music to the baby.
4. Check if the security settings have been changed – Some hackers get access to your baby monitor and change your current security setting to default, making it easy for them to use the default password and control the camera. The best way to know if the account has been set to default is to check your baby monitor settings.
5. Is there a blinking LED light? Random blinking of the baby monitor could mean that some unusual operation is happening in the background and you mean need to reboot your baby monitor and change the password.
6. Use an online search engine scanner such as Shodan Search Engine. Shodan is able to capture images from the baby monitor if the baby monitor lacks enough security measures by using a bot to trawl the internet looking for cameras that use Real Time Streaming Protocol. If a baby monitor does not have a password protocol, the images from the baby monitor will be available for Shodan.

What hackers can do after accessing your baby monitor

• Play music
• Speak to your baby
• Speak to you – If the hacker notices that you are looking at them, they may decide to speak to you. Some hackers have even threatened to kidnap the baby
• Stream and watch videos of your baby
• Scare the baby

10 Simple Steps to Secure Your Baby Monitor From Hackers

Below is a list we have put together here at 10BabyGear to assist you to be safe from baby monitor hackers. As explained, hackers are keen to hijack the camera signals especially on 128-bit encrypted baby monitors such as Nest Cam Indoor, iBaby M7, Fredi baby monitor, Motorola Focus66 and others.

Follow the 10 steps below to be safe from baby monitor hackers:

1. Always update your baby monitor firmware on time – Check if you have all the latest security features provided by the company. Since 2015, Rapid7 has been releasing vulnerability reports and mitigating steps to baby monitor manufacturers and it is possible that the company which sold you the device has been doing several security updates to stay ahead of hackers. As a consumer, make sure you are ahead of them by downloading the latest firmware. Most companies do the updates daily, weekly or monthly. For example, the firmware update for Motorola MBP854Connect takes place daily between 2 pm and 5 pm local time, provided there is no video and audio streaming. Check the company website of your manufacturer to get up to date information updates. Some baby monitor brands such as Eufy Spaceview you to reach email their customer support and request for an upgrade. This can be tedious and may leave you vulnerable or with a low-quality child monitor. You should always consider those baby monitors that can update its firmware automatically if it can connect to the internet. Read more about our updated baby monitor firmware update guide.
2. Delete any hidden or default account after purchase or during set up. – Most baby monitors come with hidden accounts that are meant to be used by admins or support. Hackers can get access to these accounts and it is important to make sure you delete them. Sometimes, it can be hard to notice them as they may be hard-coded but the best way to know if you are using a default (which may be a hidden account) aside from the one you set up is to always ensure you check the user name from your display unit.
3. Set up a strong password: Baby monitor hackers can get access to your baby monitor if they can guess the serial number of the device or if you are using a default password that is not encrypted. To make sure you change your password and use a strong, long password. Use a strong password and not “1234” or “abcd” or “baby”. Cameras that are shipped with baby monitors come with hardcoded credentials (backdoor accounts), accessible via the local web service, giving local application access via the web UI. These default credentials can be used by hackers to get access and it is advisable that you change the username and password as soon as you install the device. Also, make sure you set a very strong password by using at least 12 to 15 characters, using special characters and varied cases, never using full words such as PASSWORD, and never using personal information such as your name or keyboard patterns.  Avoid these, top ten weak common passwords that can be easily hacked.
4. Enable Stealth Mode feature on your firewall – The stealth mode will reduce the network visibility to potential hackers.
5. Turn Off default admin in the router settings – Make sure you are the only one who can access and adjust the router setting. You can do this by disabling the “admin via wireless” enabling you or anyone who has access to the router through the Ethernet to make any changes to the router settings.
6. Switch off your baby monitor when not using
7. Avoid buying pre-owned baby monitors
8. Register your product with the manufacturer
9. Secure your home network router – Make sure your internet router or modem is secure by changing the password and installing software updates. Routers mostly have a built-in firewall that can be used to provide extra security and you should consider enabling it.
10. Go for baby monitors with advanced security features – Purchase a baby monitor with advanced security (AES) features, including SSL/TLS encryption and WPA2-AES encryption. There are few baby monitors with those security features but FHSS baby monitors are non-wifi baby monitors that are considered almost 100% secure or hack-proof.

Steps Baby Monitor Manufacturers Can Do To Curb Baby Monitor Hacking

1. Implement stricter login credentials – When baby monitors are sold to consumers, most customers do not change the factory settings as they are not fully aware of the risk. Factory settings are very easy to hack if the default login credentials are not changed. We’ve seen above how a baby monitor was hacked in 98 seconds. It is however unfortunate that some baby monitors do not allow consumers to change the default settings. When hackers get access to publicly available keys, they can easily hack any device once they locate the camera address
2. Use advanced encryption of login keys – Baby monitor manufacturers are known to not follow the prescribed ways of transmitting login keys over the internet. While the worst companies publish login key online, some manufacturers that try to safely transfer login credentials to customers do not encrypt them. Most manufacturers do not follow the best practices such as code timestamp for verification and do not minimize unauthorized access to private keys.
3. Seal loopholes by releasing secure firmware updates – When manufacturers release firmware updates, hackers can take advantage of unsecured files to gain access to baby monitors. In fact, most of the firmware updates come in php files. These unsecured scripts can be infected with bugs and hackers can gain remote access to the baby monitors.

Can someone listen in on my baby?

Analog baby monitors allow hackers or anyone that has access and can listen in on your baby, as long as they use the same frequency as your baby monitor. Analog baby monitors are very prone to accidental broadcasts. DECT baby monitor and FHSS baby monitors do not have this problem. It is possible to secure the network but the software that runs your baby monitor may not be secure and may serve as access for hackers. Digital baby monitors transmit their signals using wireless digitally encrypted frequency. FHSS and DECT are the best options that have encrypted digital signals in transit.

Note: D-Link and Summer Infant have all been named in vulnerability lawsuits in the past.

Baby Monitor Vulnerabilities 

In 2016, Rapid7 released a report that disclosed 10 new vulnerabilities in baby monitors made by 9 different manufacturers. 8 of the devices tested scored an “F” and only one received a “D”. The report highlights that most devices suffer from the software, hardware and firmware issues mentioned in the table below;

1. Local communications are not encrypted
2. Remote communications are not encrypted
3. Data collected is stored on disk in the clear
4. A command-line interface is available on a network port
5. Local accounts have easily guessed passwords
6. Physically local attackers can alter the device

Companies Manufacturing Vulnerable Baby Monitors Susceptible to Hackers 

1. Philips N.V – Sells Philips In. Sight B120/37, a baby monitor with video. The device allows parents to watch their babies on iPhone via free App on WiFi/3G/4G network. This device has backdoor accounts that result from default accounts that are difficult to disable.
2. Gynoii – Sells baby monitors with video and it has the same vulnerability as Philips N.V. This device has backdoor accounts that result from default accounts that are difficult to disable.
3. iBabylabs – Manufacturers three products;iBaby WiFi M6 and M7 Baby Monitor 1080P Wireless Video Camera with Thousands of lullabies & Bed Stories, Motion and Cry Alert, Temperature & Humidity Sensors, Air Sensors, Moonlight Projector
4. Lens Laboratories – Manufacturer of Generation Ⅰ Peek-a-view 720p (1280*720) HD “Wifi” Wireless Baby Monitor Camera for iPhone, Ipad, Android Phone or Pc Remote View. This device has backdoor accounts that result from default accounts that are difficult to disable.
5. Summer Infant – Manufacturers Summer Infant Baby Zoom Wi-Fi Video Monitor and Internet Viewing System, Link Wi-Fi Series. In 2009, a man sued Summer Infant over Summer Infant’s weak security settings.
6. TRENDnet – Manufacturers of TRENDnet Cloud Baby Cam, IP/Network, Wireless, Video Monitoring, Surveillance, Secu Camera, Plug & Play, Two-Way Audio, Night Vision, Free app, 5 pre-installed Lullabies, MAC iPhone/Windows Android Compatible,TV-IP743SIC

All the devices above have one thing in common, they use wifi to transmit the signal. Some brands and technologies have formulated processes and developed software and hardware to make them more secure.

Which Baby Monitors Cannot Be Hacked?

I suppose the sub-heading, ‘which baby monitors cannot be hacked’ is misleading as all gadgets are susceptible but here is a list of baby monitors that are considered safe or less vulnerable from hacking. All the listed baby monitors below use FHSS 2.4GHz frequency, a spread spectrum that powered secret communication during WWII. These are our top picks.

1. Infant Optics DXR 8
2. Eufy Spaceview baby monitor
3. Babysenve video baby monitor
4. Motorola MBP36XL
5. Anmeate baby monitor
6. VTech VM3261
7. UU Infant Video Baby Monitor

Wifi Baby Monitor Hacked List

• Nest Baby Monitor
• Fredi Baby Monitor
• iBaby monitor

Baby Monitors to Avoid Purchasing :

• iBaby M6
• iBaby M3S
• Philips In.Sight B120/37 All Models
• Summer Baby Zoom Wifi Monitor and Internet Viewing System
• Lens Peak-A-View
• Gynoii
• TrendNet Wifi Baby Cam TV-IP743SIC

A set of unhackable baby monitors such as Infant Optics DXR 8 and Eufy Spaceview are some of the few options parents can rely on to keep the babies safe from hackers.

Conclusion:

If you are considering a baby monitor and don’t want to deal with the risk of getting hacked, consider getting any of these hack-proof non-wifi baby monitors that use FHSS technology. If you want to go with a wifi baby monitor, consider only purchasing those with the most advanced encryption, AES-256 bit encryption such as Nanit Plus, Miku baby monitor, Motorola Halo Plus, iBaby M7, and Safety 1st HD Wifi Baby Monitor.

• About the Author
• Latest Posts
• More info

Ashley Davis( Chief Editor/Product Testing Specialist )

Hi there! I am Ashley Davis, a mom of three kids and the editor here at Motherhoodhq.com. I have been a parent since 2011 and have been doing full-time consulting as a baby sleep expert since 2019. When I am not researching or testing the next baby gear hitting the market, you’ll find me teaching my toddlers a trick or two – especially over the last few months with the lockdown. I hope you’ll find my guides and reviews helpful as you make your next purchase decision. If you have any questions, you can reach me at ashley.d@motherhoodhq.com.

• Motorola Baby Monitor Troubleshooting Sound, Night Vision, Screen, Charging, Connection etc
• How to Babyproof Your Fireplace
• How to Design a Baby Nursery