This year has seen a spate of reports about hacked baby monitors, nannycams, and similar devices. Any connected device with a camera is potentially vulnerable, said Intel Security's Snell.
"There are numerous websites cataloging unprotected cameras displaying private video," he added.
Earlier this fall, for example, security firm Rapid7 reviewed popular baby monitors from six manufacturers and found that all had significant security problems, such as a lack of encryption for communications or stored data. The firm warned that this could be just the tip of the iceberg.
Attackers could use these devices to invade personal privacy, steal recorded videos, track when people were home, or use the devices to get access to the local network.
"It is important to stress that most of the vulnerabilities and exposures discussed in this paper are trivial to exploit by a reasonably competent attacker," the researchers said.
The report got significant media attention, and most of the device manufacturers involved rushed to fix the problems.
"The issue noted within the report on baby monitors was resolved on Summer Infant's models within 48 hours," said a Summer Infant spokesperson.
TRENDnet found that attackers would need not only physical access to the camera but would also have to rewire the circuit board to exploit the vulnerability. The company patched the vulnerability nonetheless. The firmware upgrade is available, with all users notified either through the email addresses they registered their products with or through the website the next time they log in to view their video.
The Philips product involved, the In.Sight Wireless HD Baby Monitor, is a discontinued product that had been produced by another company, Gibson Innovations, under the Philips brand name. The two companies worked together and fixed the problem in September, shortly after the Rapid7 report came out. The companies updated the affected cloud services, updated the firmware, and updated both the Android and iOS apps.
Elnaz Sarraf, VP at iBaby Labs, said that his company has taken a number of steps to resolve the security concerns raised by Rapid7, including securing communications between the monitor, the apps, and the associated cloud service.
According to a spokesperson from Gynoii, the company has already upgraded the product with new firmware, and existing customers will be able to download the new firmware within the coming week.
As of deadline, Lens Laboratories has not responded to our request for comment.