Privacy Nightmare: When Baby Monitors Go Bad

By on June 29th, 2017 in Editorial & Opinion, Ethics, Magazine Articles, Privacy & Security

A secure crib and a baby monitor are on the “must-have” safety checklist for many new parents. But when you tuck Junior in for the night, you never imagine waking to a scene straight out of The Twilight Zone: a foul-mouthed baby camera with a life of its own.

This is exactly what happened to Adam and Heather Schreck last spring when they awoke in the middle of the night to screams of “Wake up, baby!” streaming from their daughter’s bedroom. The couple rushed to their 10-month-old’s crib and realized the voice was coming from the IP camera they had trained on their baby to ensure her safety.

Then things got even creepier.

The camera rotated to face Adam, and a voice started screaming obscenities. Adam realized the camera was controlled by a hacker and pulled the plug [1]. (Note: cutting power to the camera was the wrong move because it erased forensic data.)

Unfortunately, the Schreck family’s experience wasn’t isolated. In August 2013, a Houston family using a similar IP camera awoke to find their two-year-old being verbally assaulted by someone yelling obscenities [2].

These incidents occurred because parents were using IP cameras.

What is an IP camera? The “IP” stands for Internet Protocol, as in an IP address. Cameras, computers and other devices on the Internet transmit an IP address so other Internet-connected devices know where to deliver content. An IP camera enables a legitimate user, like a parent who wants to monitor a sleeping baby, to stream audio and video to another device, like a smartphone. But this same remote accessibility can be exploited by a hacker.

Baby monitoring systems and home security cameras aren’t the only types hackers target. IP cameras in offices and public places can also be compromised if they aren’t properly secured. The Daily Mail recently found they could access numerous camera feeds not only of children, but also the elderly and sensitive assets, like cash registers [3].

If you own an IP camera, take the following precautions to reduce the chances of getting hacked:

  1. Change the default password. Many cameras come with a simple and standard password to make it easy for the new owner to stream audio and video to a computer or other remote device with minimal set up. Hackers know this and exploit the vulnerability.
  2. Set unique, strong passwords for all your home devices. Computer guru Kim Komando has some great tips [4].
  3. Update your camera’s firmware. Camera manufacturers often provide updates when they find an exploitable weakness. Visit the camera’s website occasionally to see if they have any updates.
  4. Set your devices not to broadcast their SSID. This step makes your devices less visible to the public (but admittedly won’t slow down a dedicated hacker). The SSID is the device name that broadcasts, showing that a wireless connection to it is possible.

Note that implementing new security protections will make your camera less vulnerable, but there’s still a chance it could be hijacked. A sophisticated hacker could not only violate your privacy by turning your webcam on you and your loved ones, but could also commandeer your network and make your camera a slave bot to carry out additional exploits.

The very best way to keep your IP camera from being turned on you is to not have it turned on in the first place. Use one if you must, but think very carefully about the potential damage that could be done when you click the “on” button.


This article has been adapted from Katherine Albrecht, Liz McIntyre, “Privacy Nightmare: When Baby Monitors Go Bad,” Sept. 26, 2014;


Katherine Albrecht

Liz Mcintyre