IndicatorSmart Baby MonitorFinal Results
Transmission of user communications or information is encrypted by default.
  • Note: For Part B of this indicator, all three components of the baby monitor (camera, handset, and app) were evaluated.
  • Note: While these tests and methodologies follow a convention of using "TLS" exclusively, "SSL" is still widely used to describe the general practice. While not recommended, this language is acceptable in light of the fact that the manufacturer is in fact using more current cryptographic schemes.
  • Test 1: The baby monitor manufacturer states that it uses SSL for data transfer of personally identifiable information , and encrypts data at rest in databases with restricted access.
  • Test 2: The baby monitor camera makes unencrypted User Datagram Protocol (UDP) connections to third-party servers every few minutes. It is not clear what data is sent, as it was obfuscated and attempts to decode it were not successful. This does not mean the data sent was encrypted, but there is no solid evidence whether this data in fact encrypted, or merely re-encoded in a format that we did not test. Further the connection itself is not encrypted. This could allow passive observation by anyone along the network path, which in turn could allow an attacker to gather up those communications in an attempt to decode the data later.
  • The baby monitor handset makes unencrypted User Datagram Protocol (UDP) connections to third-party servers every few minutes. Though the data sent is somehow obfuscated, and attempts to decode it were not successful, the connection itself is not encrypted. This could allow passive observation by anyone along the network path, which in turn could allow an attacker to gather up those communications in an attempt to decode the data later.
  • The baby monitor Android app uses TLS v 1.2 encryption by default for its connections, but makes some additional User Datagram Protocol (UDP) connections to third-party servers every few minutes via unencrypted connections. Though the data sent is somehow obfuscated, and our attempts to decode it were not successful, the connection itself is not encrypted. This could allow passive observation by anyone along the network path, which in turn could allow an attacker to gather up those communications in an attempt to decode the data later.

Test 1:
✔️
Test 2:



Transmission of user communications or information is encrypted using unique keys.
  • The baby monitor Android app uses unique keys when it is making secure connections. However the app does not encrypt all data that is sent
Users can secure their content using end-to-end encryption.
  • The baby monitor Android app does not provide an interface for enabling or disabling end-to-end encryption. Users cannot interact with each other, and have no options to change any security settings other than the user’s own password.
NA
End-to-end encryption is enabled by default.
  • The baby monitor Android app offers no ability for the user to change encryption settings. While the app does encrypt most communications, it also makes regular non-encrypted connections. The app does not inform users that it is encrypting the data that it does encrypt, nor does it inform the user when it switches from using encrypted connections to sending data “in the clear.” We uncovered this behaviour only through our analysis of the network traffic to and from the device.
User information and communications are encrypted by default when at rest.
  • The baby monitor Android app allows users to save video output from the monitor camera. While the video does not seem to be written to the phone (it is likely that it is saved "in the cloud" but this was not explored for this test), the app saves a thumbnail of that video unencrypted on the device's SD card. Given that these would presumably be images of an infant's bedroom, this would be characterized as "user information" that could be easily found and obtained in the event of a device compromise.