Baby monitor hacking isn’t a theoretical risk — it’s a documented, recurring problem. News reports surface regularly of strangers accessing baby monitors to watch children, talk to them through two-way audio, or even play music in the nursery at night. In 2023, a family in Texas discovered a stranger had been watching their infant through a hacked WiFi monitor for weeks. In 2024, a security researcher demonstrated that several popular baby monitors could be accessed remotely with minimal technical skill. These aren’t isolated incidents — they’re symptoms of an industry that has prioritized features over security.
Understanding how baby monitor hacking works — and what you can do about it — is essential for any parent using a WiFi-connected nursery camera.
How Baby Monitor Hacking Happens
Baby monitor hacking typically exploits one of four vulnerabilities:
Default or Weak Credentials
Many baby monitors ship with default usernames and passwords (like admin/admin or admin/123456). If the parent doesn’t change these during setup, anyone who knows the default credentials — which are published in user manuals freely available online — can access the camera. Some older models don’t even require authentication to view the video stream.
This is the most common attack vector and the easiest to prevent. Always change default credentials immediately during setup, and use a strong, unique password.
Weak or Missing Encryption
Video streams transmitted without encryption (or with weak encryption) can be intercepted by anyone on the same network or, in some cases, anyone who can intercept the internet traffic between your home and the manufacturer’s cloud servers. Older monitors and budget models are most likely to have weak encryption.
Look for monitors that use AES 256-bit encryption — the same standard used by banks and government agencies. Avoid monitors that don’t specify their encryption standard.
Cloud Server Vulnerabilities
WiFi baby monitors typically route video through the manufacturer’s cloud servers. If those servers are compromised — through a data breach, misconfiguration, or software vulnerability — attackers can potentially access video feeds from thousands of cameras simultaneously. This has happened: in 2021, a vulnerability in a major camera manufacturer’s cloud platform exposed millions of camera feeds.
You can’t control the manufacturer’s server security, but you can choose manufacturers with strong security track records, regular security audits, and responsible disclosure programs.
Firmware Vulnerabilities
Software bugs in the camera’s firmware can create backdoors that attackers exploit. Manufacturers release firmware updates to patch these vulnerabilities, but many parents never update their camera firmware — leaving known vulnerabilities open indefinitely.
Enable automatic firmware updates if available, or check for updates monthly. An unpatched camera with a known vulnerability is an open door.
8 Steps to Secure Your Baby Monitor
1. Change Default Credentials Immediately
During initial setup, change the username (if possible) and password to something unique and strong. Use at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols. Never reuse a password from another account. A password manager makes this easy.
2. Enable Two-Factor Authentication (2FA)
If your monitor’s app supports 2FA, enable it. This requires a second verification step (usually a code sent to your phone) when logging in from a new device. Even if someone obtains your password, they can’t access the camera without the second factor. Nanit, Arlo, and some other premium brands offer mandatory 2FA.
3. Secure Your WiFi Network
Your baby monitor is only as secure as your WiFi network. Use WPA3 encryption (or WPA2 if WPA3 isn’t available). Set a strong WiFi password — not your address, phone number, or anything guessable. Disable WPS (WiFi Protected Setup), which has known vulnerabilities. Consider creating a separate WiFi network (guest network or IoT VLAN) for smart home devices, isolating them from your computers and phones.
4. Keep Firmware Updated
Check for firmware updates monthly, or enable automatic updates if the option exists. Manufacturers release updates specifically to patch security vulnerabilities. Running outdated firmware is like leaving your front door unlocked after the locksmith told you the lock was broken.
5. Choose Monitors with Strong Security Features
When purchasing, prioritize: AES 256-bit encryption, mandatory two-factor authentication, regular firmware update history, a responsible disclosure program (where security researchers can report vulnerabilities), and a clean security track record. Avoid no-name brands with no published security standards.
6. Disable Remote Access When Not Needed
If you only use the monitor while at home, disable remote access (viewing from outside your home network). This eliminates the cloud server as an attack vector. Some monitors allow local-only mode where the camera streams directly to your phone on the same WiFi network without routing through cloud servers.
7. Monitor Account Access
Periodically review who has access to your monitor’s app. Remove access for babysitters, relatives, or anyone who no longer needs it. Check the app’s login history if available — unfamiliar devices or locations indicate unauthorized access.
8. Consider a Non-WiFi Monitor
The most secure baby monitor is one that isn’t connected to the internet. Dedicated monitors using FHSS or DECT encrypted radio signals cannot be hacked remotely — an attacker would need to be within radio range (300-500 feet) with specialized equipment. For parents who prioritize security above all else, non-WiFi monitors eliminate the entire category of remote hacking risk.
Signs Your Monitor May Be Compromised
Camera moving on its own: If the camera pans or tilts without your input, someone else may be controlling it. This is the most obvious sign of unauthorized access.
Strange sounds from the speaker: Voices, music, or sounds coming from the monitor that you didn’t initiate indicate someone is using the two-way audio feature.
LED indicator behavior: Some cameras have an LED that indicates when the camera is being accessed. If the LED activates when you’re not viewing the feed, investigate.
Unfamiliar devices in the app: Check the app’s connected devices or login history. Devices you don’t recognize indicate unauthorized access.
Changed settings: If camera settings (angle, sensitivity, alerts) change without your input, someone else may have access.
What to Do If You Suspect Hacking
Immediately: Unplug the camera. Change your monitor account password from a different device. Change your WiFi password. Enable 2FA if not already active.
Next: Check for firmware updates and install them. Review and revoke all shared access. Check other smart home devices on the same network for unauthorized access. Consider a factory reset of the camera before reconnecting.
Report: File a complaint with the FTC (ftc.gov/complaint) if you believe the manufacturer’s security was inadequate. Report the incident to your local police if someone communicated with your child through the monitor.
The Bigger Picture
Baby monitor security is part of the broader IoT (Internet of Things) security challenge. Every internet-connected device in your home is a potential entry point for attackers. The baby monitor gets attention because the stakes — a camera in your child’s bedroom — are emotionally charged. But the same security principles apply to all smart home devices: strong passwords, 2FA, firmware updates, network segmentation, and choosing manufacturers who take security seriously.
The safest approach is layered: choose a monitor with strong built-in security, secure your home network, maintain good password hygiene, and stay aware of the signs of compromise. No single measure is foolproof, but together they make unauthorized access extremely difficult.