Internet-connected baby monitors: all too often, they spell Internet-of-Things (IoT) security disasters.
Stories of cybercreeps invading nurseries, swiveling the camera around at will, using it to spy on infants or to swear at a baby are just some of the reasons why New York City recently launched an investigation into the gadgets’ hackability.
But an entirely different kind of baby monitor has recently been hacked into existence, and it’s won one of two first-place prizes in Amazon Web Services’ (AWS’s) first-ever AWS IoT Mega Contest.
Both of the top-rated prizes combined newfangled technologies with sound sensors and Amazon’s IoT platform.
The IoT, of course, is the collection of connected gadgets that have plenty of “neat-o!” factor but which, all too often, are pockmarked with security holes.
A total of 985 participants worked on 98 projects for the contest. How secure are the uber neat-o things that Amazon wound up selecting?
That’s hard to say.
But hopefully the hardware hackers are well cognizant of the issues that have plagued IoT gadgets – particularly given that the projects include things you really, really don’t want to find out have security issues: say, the IoT Flaming and Talking Pumpkin.
Flame-broiled trick-or-treaters, anyone?
At any rate, the top-prize-winning baby monitoring system, from Australian (and new parent) Marian Mihailescu, is called Baby NAP (Night Activity Program).
Baby NAP consists of an RFID reader attached to a baby’s crib, RFID bracelets worn by parents, and a pressure mat sensor in the crib, all of which determine when the baby is picked up, for how long, and by which parent.
The system also uses a sound sensor to measure a baby’s sobs, including how loudly he or she cries, for how long, and how intensely.
An infrared motion detector measures the room’s ambient motion – which can be used to determine how long the baby’s been held – while other sensors record ambient light.
In fact, Baby NAP can also be used with another IoT gadget: it can adjust the light color in a Phillips Hue bulb.
That should ring an IoT security bell.
That lightbulb, in fact, was found to have rather abysmal security when it first came out.
The other project to win First Prize in AWS’s contest was a voice-controlled drone.
To create it, Chris Synan built a new application for Amazon’s voice-activated personal assistant, “Echo.”
We haven’t seen security issues around this device, which is Amazon’s answer to Apple’s Siri, Microsoft’s Cortana and Google’s “OK, Google” voice assistants.
But we have heard murmurs about privacy, given that Amazon hasn’t said much about how the data it collects – all listened to, recorded, saved and uploaded to the cloud – will be used.
Other voice-activated connected gadgets have raised concerns.
About a year ago, a privacy group wanted to shut down what it was referring to as the “eavesdropping” Barbie: a Wi-Fi, microphone-sporting, speech-recognising, interactive Barbie doll from Mattel that recorded, encoded, encrypted and sent children’s voices to the company’s servers, to be processed by voice-recognition software.
None of this is to imply that any of the innovative, wildly imaginative projects from the Hackster/AWS competition have security or privacy holes that we know of.
But some are being built on components that have displayed issues in the past.
Mihailescu says in his project’s introduction that his Baby NAP system was inspired by experience as a new parent:
Being a parent for the first time is a big challenge. Having a baby cry and not knowing how to calm her down faster can be extremely taxing, especially on working parents that take turns taking care of the baby.
The IoT is a new baby. Let’s hope that all the parents out there are considering raising their projects with keen attention to security.
We don’t need more avenues for creeps to exploit in nurseries. We don’t need pumpkins that say lewd things.
And we really don’t need voice-activated drones to be listening to commands whispered by malevolent cyberjerks who might want to fly them places where drones have no business going.