Click to Skip Ad
Closing in...

This $1,300 smart crib was vulnerable to a hack that could shake babies remotely

Published Apr 17th, 2020 8:20PM EDT
smart crib hack
Image: Happiest Baby

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

  • Researchers discovered a way to hack a smart crib to control its motion and speaker volume.
  • The hack required access to a Wi-Fi network, which would be difficult to gain.
  • The vulnerabilities have since been patched by the company.
  • Visit BGR’s homepage for more stories.

The Snoo smart bassinet is like a dream come true for new parents. It has a seemingly magical ability to put babies to sleep in mere moments thanks to its soothing rocking motion, built-in speaker, and swaddle that ensures that little ones remain on their backs, safe and secure. It was also, for a time, hackable.

As Wired reports, researchers from security firm Red Balloon discovered that the internet-connected crib was vulnerable to attacks from users on the same Wi-Fi network. With access to the network, the researchers were able to remotely control the smart gadget, even pushing its motor and speaker past their designed limits.

Now, before we dive too deeply into this, it’s important to note that Red Balloon gave the company that sells the Snoo, Happiest Baby, Inc., a heads up on all of this and after a few weeks, the vulnerabilities were patched. There is seemingly no danger in anyone actually doing what the researchers were able to pull off, but the story can serve as a warning for anyone who puts too much faith in “smart” devices, especially new ones.

So, what Red Balloon did here was access the crib via its Wi-Fi connection. This connection is optional, and the crib has a physical switch that allows you to turn Wi-Fi off completely, which would have prevented any of this from being possible.

However, with the crib connected to Wi-Fi, and access to that same network, the researchers were able to send commands to the crib that activated its rocking motion and speaker. When the Snoo is working as intended, these features are activated when the crib detects a restless infant.

Built-in limiters are meant to ensure that the crib’s motor doesn’t rock the baby too fast or hard, but the researchers were able to bypass that and generate more movement than would normally be possible. In a video, the crib is shown shaking a doll with significant force.

On top of that, the researchers were able to send frequencies to the built-in speaker that pushed it beyond the designed noise limits. The speaker isn’t very powerful to begin with, so they didn’t reach dangerously high sound levels, but they were still able to manipulate the hardware simply by having an active connection to a home network.

The good news — aside from the fact that these vulnerabilities are already patched — is that gaining access to a home’s Wi-Fi network means at least being in proximity to the home, and the risks of an attacker actually going through this kind of trouble are incredibly low.