
This is why I went with an IoT network in my house, that doesn't have access to the outside world (ingress or egress) except through a carefully controlled firewall.

And as of right now, the only 2 things that go through that firewall are the Nest thermostat (yeah, it's pretty and hasn't given me any trouble, so I'm happy with the tradeoff here), and the Google Homes (again, another tradeoff myself and my family are comfortable making).

Everything else is on that network without access to the "internet" directly, with WPA2 encryption for protection against local eavesdropping, and pushed through an open-source home-automation controller called "Home Assistant" running on an Intel NUC served up over HTTPS to our devices.

I don't have any baby monitors yet (no babies!) but we do have cameras and with this system they work great and I sleep pretty well at night knowing it's all secure enough that I'm happy buying cheap devices knowing the security is garbage.




The problem with these devices is that they want to communicate via a vendor's server, so a firewalled network will certainly improve security, but will massively reduce usability.


I wonder if a proxy device with some smarts regarding data transmission patterns (learned from when a device is newly added to the network) could provide some security.

Get a new device, plug it in to a locked-down network that passes all packets through a deep packet inspector connected to some ML. Add in proxy features so if the vendor turns off their service, your personal network MitM can mimic the server on the other side.

I doubt this is feasible due to the fact that consumers clearly value "it just works" (implying simplicity/less security) over secure/private. (And probably a bunch of other factors I'm not thinking of.)
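As an added example (not part of the comment above, and not code from any product), here is the learn-then-enforce idea reduced to its simplest form: instead of ML, it records the destinations and upload sizes a device uses during an enrollment window and judges later traffic against that baseline. The flow records, MAC addresses, hostnames and the `headroom` factor are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (device MAC, destination host, destination port, bytes sent).
ENROLLMENT_FLOWS = [
    ("aa:bb:cc:00:00:01", "api.vendor.example", 443, 1200),
    ("aa:bb:cc:00:00:01", "api.vendor.example", 443, 900),
    ("aa:bb:cc:00:00:01", "ntp.example", 123, 76),
]
LIVE_FLOWS = [
    ("aa:bb:cc:00:00:01", "api.vendor.example", 443, 1100),    # matches baseline
    ("aa:bb:cc:00:00:01", "api.vendor.example", 443, 250000),  # known endpoint, far larger upload
    ("aa:bb:cc:00:00:01", "203.0.113.7", 23, 60),              # destination never seen before
    ("aa:bb:cc:00:00:02", "api.vendor.example", 443, 500),     # device that was never enrolled
]

def learn_baseline(flows, headroom=4.0):
    """Per device, record each (host, port) seen and a byte ceiling for it.

    The ceiling is the largest observed flow times `headroom` (an assumed
    tolerance factor, to be tuned per device class).
    """
    baseline = defaultdict(dict)
    for mac, host, port, nbytes in flows:
        key = (host, port)
        baseline[mac][key] = max(baseline[mac].get(key, 0), nbytes * headroom)
    return dict(baseline)

def check_flow(baseline, flow):
    """Return a verdict string for one live flow against the learned baseline."""
    mac, host, port, nbytes = flow
    if mac not in baseline:
        return "block: device not enrolled"
    ceiling = baseline[mac].get((host, port))
    if ceiling is None:
        return "block: destination not seen during enrollment"
    if nbytes > ceiling:
        return "alert: volume exceeds learned ceiling"
    return "allow"

def evaluate(enrollment, live):
    """Learn from the enrollment flows, then judge every live flow."""
    baseline = learn_baseline(enrollment)
    return [check_flow(baseline, flow) for flow in live]

if __name__ == "__main__":
    for flow, verdict in zip(LIVE_FLOWS, evaluate(ENROLLMENT_FLOWS, LIVE_FLOWS)):
        print(flow, "->", verdict)
```

A baseline like this trusts whatever the device did during enrollment, so it only helps if the device was clean at that point, and it has to be re-learned when a firmware update changes the endpoints.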


Sometimes, but often the only proprietary part of these things is the app they want you to use.

Most of them will output standard formats and streams that you can hook into in my experience (but I might be inadvertently selecting for those).


If I understood the article correctly, the devices that this article mentions communicate exclusively via the vendor's server.



