Every couple of months, the news covers some prankster yelling at an infant or an unsuspecting nanny through a baby monitor by hijacking its RF signal or abusing vendor-default credentials over the web. As the rapid growth of the Internet of Things (IoT) continues, the capabilities of a predator or prankster to abuse baby-monitoring devices is increasing due to the usage of a complex mixture of platforms, protocols, and hardware. With many high-end baby monitoring devices on the market, how is the never-ending expansion of must-have features for parents being weighed against the threats posed by continually increasing attack surface to provide them? This presentation will discuss security research performed against nine of the most highly-regarded IoT baby monitors on the market today. Details of research methodologies and vulnerability findings will be presented to give attendees insight into what security flaws were found within the intricate combination of mobile applications, protocols, services, and hardware running these devices. Examples of potential remediations for identified flaws will be conveyed to help attendees learn the right way to handle similar situations in their own engineering efforts. Lastly, a custom scoring system will be used to help provide an apples-to-apples view of how each device faired in holistic security versus other assessed devices. Curious about how well your privacy and safety are being taken care of by IoT vendors? Interested in IoT security research and want to understand what flaws are being found in devices today? Want to spin your own IoT research but need a methodology and tools to get you started? Attend this presentation and become more aware of the risks facing your family and from the technologies powering our lives.

Back to GrrCON 2015 video list