IoT Security: How Your Smart Home Devices Are Putting You at Risk (2026)

by hs473652@gmail.com

Reading Time: 15 min  |  Last Updated: February 25, 2026

A Stranger Spoke to a Child Through a Hacked Baby Monitor. The Parents Had No Idea.

The family had done everything right. Or at least, they thought they had.

They bought a well-reviewed baby monitor from a trusted brand. Plugged it in. Connected it to WiFi. Set it on the shelf in their daughter's nursery. It worked perfectly — they could watch her sleep from their phone downstairs.

Then one night, their three-year-old told them something that made their blood run cold:

"The man in the camera talks to me at night."

A hacker had gained access to the monitor. They'd been watching. Listening. Talking. For how long? The family didn't know. The monitor's password was the factory default — "admin" — and the firmware hadn't been updated since the day it was unboxed.

This isn't a horror movie plot. It's happened — documented, reported, and repeated — to families across the world. And baby monitors are just the beginning.

In 2025, Ring camera users across America woke up to find mysterious logins from unknown devices — sometimes in foreign countries — appearing in their account history. Millions panicked. Was someone watching through their doorbell cameras? Had their home security turned into a surveillance tool for strangers?

Right now, as you read this:

  • 820,000 IoT hacking attempts are happening every single day
  • IoT malware attacks surged 124% in 2025
  • 1 in 4 smart home devices contains at least one critical vulnerability
  • 98% of IoT device traffic is unencrypted
  • 35% of devices still ship with "admin" as the default password

Sources: DeXpose, CompareCheapSSL, WiFi Talents

Your smart camera. Your robot vacuum. Your voice assistant. Your smart thermostat. Your WiFi-connected light bulbs. Every single one is a tiny computer connected to the internet. And most of them have the security of a wet paper bag.

Let's talk about why, and — more importantly — how to fix it.

What Even IS an "IoT Device"?

IoT stands for "Internet of Things." It's a fancy term for any physical device that connects to the internet but isn't a traditional computer or smartphone.

If you're reading this in your living room, look around. Count the IoT devices:

  • Smart TV ✅
  • Smart speaker (Alexa, Google Home) ✅
  • Security cameras (Ring, Nest, Arlo) ✅
  • Smart thermostat (Nest, Ecobee) ✅
  • Robot vacuum (Roomba, Roborock) ✅
  • Smart doorbell ✅
  • Smart light bulbs ✅
  • Smart plugs ✅
  • Smart lock ✅
  • Gaming console ✅
  • Smart fridge, washer, or oven ✅

The average home now has 15-20 connected devices. Globally, there are over 24 billion IoT devices — that's roughly three for every person on Earth. And by 2030, that number will nearly double.

Here's the problem nobody talks about at the electronics store: most of these devices were designed for convenience, not security.

Why Your Smart Devices Are So Insecure

I want to explain this clearly, because once you understand why IoT devices are vulnerable, the solutions become obvious.

1. They Ship With Terrible Defaults

35% of IoT devices use "admin" as the default password. Many have no option to change it. Some have hardcoded credentials baked into the firmware — meaning even if you wanted to change the password, you literally can't.

This is the router default password problem multiplied by every device in your house.

2. They Rarely Get Security Updates

Your phone gets monthly security patches. Your laptop updates regularly. Your $30 smart light bulb? The manufacturer released firmware once in 2023 and hasn't touched it since. Many IoT manufacturers are small companies that go out of business — leaving devices permanently unpatched and vulnerable.

3. They Have Minimal Processing Power

Most IoT devices run on tiny, cheap processors with barely enough power to perform their core function. There's no room for a firewall, antivirus, or any meaningful security software. They're essentially naked computers on your network.

4. They Talk Too Much

IoT devices constantly communicate — with their manufacturer's cloud servers, with each other, and sometimes with third parties you've never heard of. Your smart TV might be sending viewing data to advertisers. Your robot vacuum might be mapping your home and sharing it. And 98% of this traffic is completely unencrypted.

5. They're a Gateway to Everything Else

This is the scariest part. A hacked smart light bulb seems harmless. But once an attacker is on your network through that light bulb, they can potentially access your laptop, phone, NAS drive, and everything else on the same network. The light bulb is the open window; your personal data is what's inside the house.

What Hackers Actually Do With Your Smart Devices

Spoiler: it's not just watching through your camera (although that's terrifying enough).

Attack Type | What Happens | Real-World Impact
Botnet recruitment | Your device is secretly enslaved into a botnet army | Used to attack websites, businesses, and infrastructure (DDoS)
Surveillance | Hackers access camera/microphone feeds | Strangers watch your home, talk to your kids, record you
Network pivot | Use the IoT device as a stepping stone to other devices | Steal files from your laptop, intercept banking sessions
Cryptomining | Your device mines cryptocurrency for the attacker | Slow performance, higher electricity bills, device damage
Data theft | Intercept unencrypted traffic from your network | Steal credentials, personal data, sell on dark web
Ransomware | Lock your smart lock, thermostat, or security system | "Pay $500 or we keep your front door locked." Not theoretical.

80% of botnet activity during major DDoS attacks comes from consumer smart home devices. Your compromised camera isn't just a privacy violation — it's a weapon being used to attack hospitals, banks, and government websites.

How to Secure Every Smart Device in Your Home

I've organised these from most impactful to "if you really want to go the extra mile." Do the first five and you'll be ahead of 95% of smart home owners.

1. Change Every Default Password (10 minutes)

Go through every IoT device you own — cameras, doorbells, speakers, routers, smart plugs — and change the password from the factory default. Use your password manager to generate and store a unique password for each device.

If a device won't let you change its password, that's a massive red flag. Consider replacing it with one that does.

2. Put IoT Devices on a Separate Network (15 minutes)

This is the single most important step.

As we covered in the WiFi security guide, your router's guest network is your best friend. Put ALL IoT devices on the guest network. Keep your laptops, phones, and personal devices on the main network.

Why? Because guest networks are isolated. Even if your smart light bulb gets hacked, the attacker can't reach your laptop, your bank session, or your personal files. They're stuck on an island.

This is Zero Trust applied to your home: don't trust any device just because it's on your network.
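
To confirm that the guest network really is isolated, the following added example (not part of the original article) can be run from a computer temporarily joined to the guest network: it tries TCP connections to devices on the main network and reports any that answer. The addresses in MAIN_HOSTS and the port list are assumptions to replace with your own.

```python
import socket

# Assumed addresses: replace with devices on YOUR main network.
MAIN_HOSTS = ["192.168.1.10", "192.168.1.20"]
PORTS = [22, 80, 443, 445]  # SSH, HTTP, HTTPS, SMB (file sharing)

def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt as open, refused or blocked."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered "nothing listens here", so the packet still
        # crossed from the guest network to the main network.
        return "refused"
    except OSError:
        # Timeout or "no route": what working isolation looks like.
        return "blocked"

def audit(hosts, ports, probe_fn=probe):
    """Return every (host, port, state) that shows the host is reachable."""
    leaks = []
    for host in hosts:
        for port in ports:
            state = probe_fn(host, port)
            if state != "blocked":
                leaks.append((host, port, state))
    return leaks

if __name__ == "__main__":
    found = audit(MAIN_HOSTS, PORTS)
    for host, port, state in found:
        print(f"LEAK: {host}:{port} is {state} from this network")
    print("Isolation holds" if not found else f"{len(found)} leak(s) found")
```

Run it once from the main network first to confirm the listed devices respond; a laptop that is switched off looks the same as one that is properly blocked.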

3. Update Firmware on Every Device (10 minutes)

Check every smart device for firmware updates:

  • Open each device's app
  • Go to Settings → About / System → Check for Updates
  • Enable auto-updates if available
  • Set a quarterly calendar reminder to check manually

4. Disable Features You Don't Use

  • Remote access — if you don't need to control a device away from home, turn off remote access
  • Microphone/camera — if a device has a mic or camera you don't need, disable or physically cover it
  • UPnP — disable on your router (as we covered in the WiFi guide)
  • Voice purchasing — disable on Alexa/Google Home to prevent social engineering attacks

5. Enable MFA on Device Accounts

Your Ring account, Nest account, Alexa account — these all support multi-factor authentication. Enable it. If someone gets your Ring password from a data breach, MFA blocks them from logging in and watching your cameras.

6. Buy From Reputable Brands (Going Forward)

Not all smart devices are created equal. When buying new devices, choose brands that:

  • Commit to ongoing security updates (look for a stated support period)
  • Allow password changes and MFA
  • Use encrypted connections (look for "end-to-end encryption" in specs)
  • Have a track record of responding to vulnerabilities quickly

That no-name $15 camera from a marketplace seller? It might work fine. But it's almost certainly running outdated, unpatched firmware with hardcoded credentials and an insecure cloud connection. The savings aren't worth the risk.

7. Monitor Your Network (Advanced)

If you have a home firewall like Firewalla, you can see exactly what every device is doing — what servers it's talking to, how much data it's sending, and whether anything looks suspicious. This is the gold standard for home IoT security.
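
The same kind of check can be done by hand on exported traffic records. This added example (not from the original article or from Firewalla) learns each device's usual destinations and upload volume, then flags anything new; the record layout, device names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (day, device, destination, bytes_sent).
# The field layout is an assumption, not any product's export format.
FLOWS = [
    (1, "camera", "cloud.camera-vendor.example", 40_000_000),
    (2, "camera", "cloud.camera-vendor.example", 42_000_000),
    (1, "bulb", "api.bulb-vendor.example", 20_000),
    (2, "bulb", "api.bulb-vendor.example", 25_000),
    (3, "camera", "cloud.camera-vendor.example", 41_000_000),
    (3, "bulb", "api.bulb-vendor.example", 22_000),
    (3, "bulb", "203.0.113.50", 900_000),  # new destination, large upload
]

def daily_totals(flows):
    """Sum bytes sent per (device, day)."""
    totals = defaultdict(int)
    for day, device, _dest, sent in flows:
        totals[(device, day)] += sent
    return totals

def build_baseline(flows, last_baseline_day):
    """Learn each device's usual destinations and its busiest normal day."""
    history = [f for f in flows if f[0] <= last_baseline_day]
    dests = defaultdict(set)
    for _day, device, dest, _sent in history:
        dests[device].add(dest)
    peak = defaultdict(int)
    for (device, _day), total in daily_totals(history).items():
        peak[device] = max(peak[device], total)
    return dests, peak

def find_anomalies(flows, last_baseline_day, spike_factor=5):
    """Flag new destinations and upload spikes after the baseline period."""
    dests, peak = build_baseline(flows, last_baseline_day)
    recent = [f for f in flows if f[0] > last_baseline_day]
    alerts = []
    for _day, device, dest, _sent in recent:
        if dest not in dests[device]:
            alerts.append((device, "new destination", dest))
    for (device, day), total in sorted(daily_totals(recent).items()):
        if peak[device] and total > spike_factor * peak[device]:
            alerts.append((device, "upload spike", f"day {day}: {total} bytes"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(FLOWS, last_baseline_day=2):
        print(alert)
```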

The Smart Home Security Checklist

Action | Time
Change default passwords on ALL smart devices | 10 min
Move all IoT devices to the guest/separate network | 15 min
Update firmware on every device | 10 min
Disable unnecessary remote access, mics, and cameras | 5 min
Enable MFA on all device accounts (Ring, Nest, Alexa) | 5 min
Disable UPnP on your router | 2 min
Set up DNS filtering (Cloudflare 1.1.1.2) | 3 min
Quarterly: check for firmware updates on all devices | Ongoing

Total time: about 50 minutes. Less than an episode of your favourite show. And it protects every smart device in your home from the 820,000 attacks happening every single day.

The Bottom Line

I love smart home technology. I really do. The convenience of telling Alexa to turn off the lights, checking my doorbell camera from across town, having my thermostat learn my schedule — it's genuinely wonderful.

But I'm also honest enough to say this: every smart device you add to your home is a new door that a hacker can try to open.

That doesn't mean you should throw out your smart speaker or disconnect your cameras. It means you should treat them like what they are — tiny, internet-connected computers that need the same basic security hygiene as any other device on your network.

Change the passwords. Separate the network. Update the firmware. Enable MFA. That's it. Four things that take less than an hour and transform your smart home from "wide open" to "properly locked down."

The family with the hacked baby monitor? They didn't need expensive security software. They needed to change one password and update one piece of firmware. That's the gap between a horror story and a secure home.

Don't be the house with the unlocked window. Not when locking it takes ten minutes.

Read the full cybersecurity series: antivirus, Zero Trust, 10 mistakes, ransomware, VPN vs Zero Trust, social engineering, password managers, supply chain, MFA, WiFi security, encryption, dark web, privacy, AI cybersecurity, quantum, firewalls, cloud security, and small business security.

— Harsh Solanki, Founder of FutureInsights.io

Frequently Asked Questions

Can someone really hack my smart speaker and listen to me?

Technically, yes — but it's unlikely to happen through a direct hack of the speaker itself. The more common risk is account compromise: if someone gains access to your Amazon or Google account (through a leaked password and no MFA), they can access your speaker's history, recordings, and even drop-in features. Enable MFA on your account, review your voice history regularly, and disable drop-in features if you don't use them. The device microphones can also be physically muted with the hardware button when privacy matters most.

Should I put security cameras on my guest network?

Yes — this is the recommended approach. Security cameras should be on a separate (guest) network isolated from your personal computers and phones. You can still view camera feeds through the manufacturer's cloud app on your phone, even when the camera is on a different network. The isolation means that if the camera is compromised, the attacker can't reach your personal devices. The same applies to all IoT devices — doorbells, thermostats, smart TVs, everything except your laptop and phone.

Are expensive smart home devices more secure than cheap ones?

Generally, yes — but price alone isn't a guarantee. Reputable brands (Ring, Nest, Arlo, Ecobee, Philips Hue) typically invest in ongoing security updates, encrypted connections, and bug bounty programs. Cheap, no-name devices from unknown manufacturers often ship with hardcoded passwords, rarely receive updates, and may have insecure cloud connections. When choosing devices, look for: commitment to security updates, MFA support, encrypted communications, and a public vulnerability disclosure process.

What was the Mirai botnet and could it happen again?

The Mirai botnet (2016) infected hundreds of thousands of IoT devices — mostly cameras and routers with default passwords — and used them to launch one of the largest DDoS attacks in history, taking down Twitter, Netflix, Reddit, and other major sites. Can it happen again? Not only can it — it's actively happening. Mirai variants still circulate, and AI-powered botnets are now recruiting vulnerable smart devices at scale. An estimated 32-40 million devices are part of botnets at any given time. The defence is the same as it was in 2016: change default passwords and update firmware.

Do I need a separate router for my IoT devices?

Not necessarily. Most modern routers support a guest network feature that creates an isolated network within the same router — this achieves the same goal (separation) without extra hardware. However, if you have a large number of IoT devices (20+) or want more granular control, a dedicated router or VLAN-capable setup gives you more options. For most homes, the guest network on your existing router is more than sufficient.

Is my smart TV spying on me?

In a way, yes. Most smart TVs collect data about your viewing habits, app usage, and sometimes even use Automatic Content Recognition (ACR) to track what you're watching — even from external devices like game consoles. This data is typically shared with advertisers. To limit this: go to your TV's privacy settings and disable ACR, viewing data collection, and ad personalization. On Samsung, look for "Viewing Information Services." On LG, look for "Live Plus." On Roku, disable "Smart TV Experience." It won't stop the TV from functioning — it just stops the surveillance.
