Can your baby monitor be hacked? The answer is, Yes.

In 2015, a 21-year-old man in the U.K. was arrested in what became known as the VTech Kids Toy Hacking case. Millions of profiles were compromised, making both names and addresses available to the highest bidder.

This case sparked international concern about how safe baby monitors really are.

If you buy a video monitor to keep your child safe, are you also introducing extra danger into your house? The answer, according to several experts, is that baby monitors are hackable. Anything on the internet of things—IOT, which includes any device that uses the internet—is able to be hacked.

Eric Magidson, professor of Computer Information Systems at Central Oregon Community College, says, “There are a lot of companies building a lot of IOT devices, getting them out to market and being first. Thus, security can—and does—take a back seat to getting these products out on the market.”

However, there are steps that parents and baby monitor manufacturers can take to protect themselves.

How hacking works in general

Using a product that relies on an internet connection opens the door for hackers to enter. But the likelihood of hackability is based on how much time a hacker has (which also involves how tough it is for the hacker to work through the code), the username and passwords you use, and how secure the software of a device is.

Hackers can find their way into a system via your network—which would compromise all your devices, including a baby monitor—or through the device itself.

In the VTech case, the hacker was able to access the devices, which allowed them to pull information from caregivers’ smartphones. This is the most common hacking strategy, Magidson says.

Rarely do hackers actually enter into a local video stream, although this is a possibility. More frequently, hackers are chasing access to credit card information, addresses and beyond, within a system.

Make it harder for hackers to access your baby monitor

Secure software is something that users can’t control; that’s up to baby monitor manufacturers. But picking a secure username and password is a great way to protect yourself.

Magidson recommends not choosing a “cheesy” username and password like your first initial and last name, or a common email address. If a hacker can look up who lives at your address, they may be able to guess at a basic password. And if you use the same password for several systems, the hack might spread from one system to another.

If you can, use a password manager to keep track of complicated passwords, and choose a different password for each system.

Magidson says, “Use passwords that are as long as the device will support, meaning if the device only supports 15 characters, I want to use 15 with a combination of upper and lower case, numerals and special characters.”

Representatives from popular baby monitor manufacturer Miku recommend the same thing: Don’t re-use your passwords, make sure you change your password often, and choose a unique, strong password that other people wouldn’t guess.

Purchase from a trusted brand

While there isn’t a baby monitor that can’t be hacked, there are baby monitor brands you can trust more than others.

Software and hardware security is mostly up to the baby monitor manufacturer, so you’ll want to be choosy about which monitor to buy.

When buying a new monitor, make sure that the brand doesn’t have a history of being hacked. A quick Google search reveals recent breaches in cameras offered by Owlet and Fredi baby monitors. You can also read online reviews of the product before buying.

Baby monitor manufacturers should offer firmware or software updates often, and you should make sure to install these as they’re offered.

A reputable brand will also offer two-factor authentication, which is solid protection for any device or software program and reduces the likelihood of hacking.

Brands like Miku offer two-factor authentication, but they also have other security features: Wi-Fi encryption, crypto-chip security (which means that the authentication keys for a device are stored on a physical hardware security chip), and encrypted peer-to-peer connection.

Some baby monitor manufacturers also opt to use low-frequency radio signals instead of Wi-Fi, to keep devices secure. This works in most cases, although it isn’t completely foolproof. If a hacker wanted to, they could still hack into the device itself (rather than the network), which would allow them to receive the radio signal and see or hear what’s going on inside your home.

Can you tell if your baby monitor has already been hacked?

If you notice that you’ve been signed out of many of your online accounts (especially bank accounts) or you notice purchases on your statements that you didn’t make, this is a sign that you may have been hacked. Often, you might receive a text or email asking you to confirm a purchase; if you didn’t ask for that code or confirmation, you’ll want to change your information right away.

Likewise, if your baby monitor is acting strangely (turning on at odd times, rotating by itself, or blinking at strange intervals), you should also reset the entire device. Sometimes, you may also hear noises coming from the baby monitor, especially if they are two-way communication devices.

Here’s what to do if your monitor has been hacked

If you’re worried that your monitor has been hacked, unplug it. Then do a factory reset if possible. Update your password and any other information stored in your account.

You may also want to change the passwords for your Wi-Fi network. Keep a close eye on your accounts (especially bank accounts and credit cards) for the next few weeks.

So, can your baby monitor be hacked? Yes.

Unfortunately, any product that links to the internet to operate, especially from a home network, is vulnerable to being hacked. But you have a lot of control over protecting your family from hacking, including setting a secure password, installing firmware updates, and buying baby monitors from a reputable company, including Nanit and Eufy.

Think of your passwords and usernames as a wall around your virtual home; the best way to keep that wall strong is to set strong passwords and update them often.