Abusing the Internet of Things

(Rick Simeone) #1

placed near the child’s crib, and a receiver device called the “Radio Nurse,” to be placed in a
location near the parents or guardians.
The idea of a baby monitor seems so natural that, if it weren’t for the inspiration from the
Lindbergh case, someone else surely would have designed it later. Nonetheless, the important
point here is that baby monitors fulfill a critical need: increasing parents’ ability to keep a
watch on their loved ones from a distance. In essence, baby monitors can be considered
potentially life-saving devices.
Because parents and guardians rely so heavily on baby monitors, it
becomes important to consider the security of these devices, to make sure they don’t contain
flaws that can lead to security or privacy breaches. Traditional baby monitors relied upon radio
waves that limited their range, but the current generation of devices, such as the Foscam baby
monitors and the Belkin WeMo Baby, are IoT based. These devices connect to a WiFi network
and allow the guardians to listen in from anywhere in the world. In this chapter, we will take a
look at certain security and privacy issues pertaining to such devices, to expose the risks
associated with current-generation baby monitors. This will help us determine ways to limit attack
vectors in current and future products.
We will also take a look at another product designed by Belkin: the WeMo Switch, which
can be used to remotely turn power on or off in a connected appliance. The intention here is
to study similarities and differences in design from a security perspective when the same
company designs the products. Because organizational units within the same corporation
share a common culture, similar security issues tend to exist across different products.


The Foscam Incident


Anyone with a cordless phone, most popular in the ’80s and ’90s, can speak about
interference with other cordless phones. Many people have experienced the situation in which their
cordless phone picked up signals from their neighbor’s cordless phone. This was because the
earlier types of cordless phones operated on fixed radio frequencies. Initially, the bet was that
neighbors were unlikely to own similar cordless phones, so this wouldn’t be a big issue. Later
on, digital spread spectrum was introduced to spread the information over
different frequencies, making it hard for others to pick up on conversations.
Most traditional baby monitors operated on analog frequencies, making it easy for anyone
with a radio scanner to tune in. When it comes to baby monitors, eavesdropping is perhaps
the biggest concern. Initially, not many individuals were aware that purchasing a simple radio
scanner would allow anyone to listen in. However, the traditional baby monitors required the
eavesdropper to be within the vicinity of the home, which lowered the probability of a privacy
violation.
Fast-forward to today, when many popular baby monitors don’t use radio frequencies.
They rely on WiFi networks, allowing the owners to listen in remotely from anywhere in the
world. This tremendously increases the probability of a security defect being exploited. Given


CHAPTER 3: ASSAULTING THE RADIO NURSE—BREACHING BABY MONITORS AND ONE OTHER THING
