As a kid, i used to use my ancient portable phone to walk down the street and tune into other phones, and baby monitors. I remember one mother always singing itailian sounding songs to quiet her child and found it touching. Then I realized I was basically peering in to the private lives of those around me to a weird level. Things later went digital, more consumer spectrum opened up, and these 'hacks' largely stopped working. I had moved on to computers by that time.
I was literally about to say.. sometimes the dumb ones are actually worse as many of them are transmitting the sound and video over the air with no encryption either :)
I imagine probably 99% of them are but I don't have any research to actually back that up.
Many use the DECT Standard that was developed for mobile handsets. It’s not high security, but it’s also not plain text.
They’re also not networked, so an adversary would have to get into range, making a potential attack much more complicated. It certainly won’t defend you from a targeted attack, but it will keep $random_person_on_the_internet reliably away and I don’t have to rely on $companies server/network security.
Exactly... there are many things for which not being connected to the 'net increase security a lot. You decrease the pool of crazies and crooks. However, once a stalker is interested in spying on your house... physical proximity isn't so much of a barrier.
"We begin by coveting what we see every day... Clarice"
I live on the fourth floor and the reception from my (audio only unidirectional) baby monitor doesn’t reach to the ground floor. So the stalker would need to be in one of the adjacent flats. Not an insurmountable barrier, but one that I feel comfortable with, since all I need protecting is baby babble.
This is why I went with an IoT network in my house, that doesn't have access to the outside world (ingress or egress) except through a carefully controlled firewall.
And as of right now, the only 2 things that go through that firewall are the nest thermostat (yeah, it's pretty and hasn't given me any trouble, so i'm happy with the tradeoff here), and the google homes (again, another tradeoff myself and my family are comfortable making).
Everything else is on that network without access to the "internet" directly, with WPA2 encryption for protection against local eavesdropping, and pushed through an open-source home-automation controller called "Home Assistant" running on an intel NUC served up over HTTPS to our devices.
I don't have any baby monitors yet (no babies!) but we do have cameras and with this system they work great and I sleep pretty well at night knowing it's all secure enough that i'm happy buying cheap devices knowing the security is garbage.
The problem with these devices is that they want to communicate via a vendors server, so a firewalled network will certainly improve security, but will massively reduce usability.
I wonder if a proxy device with some smarts regarding data transmission patterns (learned from when a device is newly added to the network) could provide some security.
Get a new device, plug it in to a locked-down network that passes all packets through a deep packet inspector connected to some ML. Add in proxy features so if the vendor turns off their service, your personal network MitM can mimic the server on the other side.
I doubt this is feasible due to the fact that consumers clearly value "it just works" (implying simplicity/less security) over secure/private. (And probably a bunch of other factors I'm not thinking of.)
> I was literally about to say.. sometimes the dumb ones are actually worse as many of them are transmitting the sound and video over the air with no encryption either
Many of the smart ones both broadcast like the dumb ones and, separately, send a signal on wifi to a central server for online viewing, so they fully incorporate the problems of the dumb ones.
I didn't document it, but the baby monitor we used just transmitted raw FM audio at ~900Mhz. You could listen to it with SDR# no problem. It wasn't one of those fancy video kinds though, just an old fashioned audio only monitor.
When I bought a baby monitor I made sure it was dumb, because why would I trust some random company with data from a camera in my house?