The “hacked baby monitors” news piece is making the rounds again, as they routinely do. Sure, it happens, but it’s an infrequent occurrence. However, something is much more commonplace and dangerous that most users and parents might be unaware of. Let’s see what we find using a bit of OSINT (open source intelligence) and the ability to understand and navigate the mainland Chinese web.
A quick search on Amazon for “baby monitors” will show a host of options, one of which is a highly ranked paid ad for a monitor under the company name “HelloBaby”. A seemingly legit company until you look into the details of the seller and the product’s origin.
This Amazon listing is spending heavily on paid search ads, so it’s no surprise here that we are looking at 100,000 units sold on a month-to-month.
Let’s look into the listing and see who is selling this baby monitor. There’s only 1 seller on the Amazon listing, so we can safely assume this is the manufacturer as well.
Let’s look at the detailed seller information for the Amazon profile. You guessed it: it’s a mainland China address:
A deeper look into the domain linked with this product (hellobaby-monitor[.]com) reveals further information. The user manual (which has now been deleted and replaced with the Americanized version), available in a cached version of the website, indicates that the original domain is linked with a .CN ccTLD – China’s country code Top Level Domain.
Hellobaby[dot]net[dot]cn is the root domain, which currently redirects to the .com website. Through the Internet Archive’s WayBackMachine, we can undress the site a bit and see what was actually going on before the redirect.
The Alibaba company profile verifies the existence of Shenzhen Videotimes Technology Co., Ltd. and highlights that it employs nearly 200 people. It’s a large and presumably well-structured organization, and herein lies a hidden concern for buyers.
Given the size of the company, it would be reasonable, and perhaps even safe, to assume that there is a Chinese Communist Party (CCP) cell embedded within this organization. This is not an uncommon practice in China, where the CCP has established party organizations within both public and private businesses. Essentially, this means that there’s a strong possibility that the Chinese State has access to your baby monitor live feed data.
This should be taken more seriously, especially now with the recent revelations of TikTok’s/Bytedance handling of foreign data. While there are a multitude of uses for baby monitors, they are, at their core, surveillance devices. They record audio and video data that you might not want in the hands of an unknown third party, let alone a foreign government.
This was a very brief, 10 minute OSINT (open source investigation) look into the first result I found when typing in “baby monitor”. I can safely bet that there are many more listings with a similar pattern on the 1st page of Amazon for this query.