Imagine inviting thousands of strangers into your home to watch your sleeping baby.
That’s essentially what happened when parents who purchased Foscam’s internet-connected baby monitors found out the hard way that they hadn’t taken their privacy seriously.
One couple in Rochester, Minnesota discovered something was wrong when they heard their monitor playing music at night. They traced the origin of the sounds back to an IP address in Amsterdam. And they also discovered something terrifying — thousands of images from people’s homes.
“There’s at least fifteen different countries listed and it’s not just nurseries – it’s people’s living rooms, their bedrooms, their kitchens,” the mom told local station KTTC. “Every place that people think is sacred and private in their home is being accessed.”
Revealing the insecurity of Foscam monitors has become something of a game for some hackers.
“That’s a really poopy diaper,” one hacker told a couple in Houston, Texas before offering a bit of advice about updating the monitor’s password.
That’s good advice, says F-Secure’s Director of Strategic Threat Research Mika Stahlberg. But it may not be good enough given potential vulnerabilities in the device that could allow hackers to reach the password through the server.
“To make matters worse, Foscam allows for easy use of UPnP to open its web server on the public internet so that parents can use it also when not at home,” Mika told me.
This is true, but IoT devices, especially baby monitors, are especially prone to pretty simplistic hacks for at least 7 reasons.
A recent study by security company Rapid7 finds that 9 out of 10 of the most popular brands of internet-connected monitor are vulnerable to cyber intrusion.
Given that most parents aren’t familiar with security basics like keeping firmware updated and changing default passwords, that seems likely — even if the design of the devices meets basic security needs.
If it’s smart, it’s exploitable. And if it has a camera, someone may want to watch it — even if it’s in your baby’s room.
[Image by Abigail Batchelder | via Flickr]
The Vault 7 leak that appeared early in March of 2017 either represents the most significant…
March 16, 2017
"I believe data is the new oil," F-Secure's chief research officer Mikko Hypponen says. "And…
January 12, 2017