A Houston, Texas couple got a great shock this weekend when they heard a male voice coming from a room where their two year old was sleeping.
They heard the man shouting to the little one to wake up, using expletives, and once they entered the room, the camera / baby monitor from which the voice was coming turned towards them and the attacker abused them, as well.
The father, Marc Gilbert, turned off the device immediately, but didn’t notify the police about it. Their daughter wasn’t affected by the attack, as she is deaf from birth, but Gilbert chose to talk to the media in order to alert other parents to the possibility that their baby monitors might be hacked and misused by attackers.
In this particular case, the voice they heard had a British or possibly European accent, but the hacker could really be from anywhere in the world. The father believes that the attacker hacked into both his router and the camera, which seems to be manufactured by Foscam.
As a reminder: In April 2013, Qualys researchers have discovered that that manufacturer’s wireless IP cameras had security vulnerabilities that allowed hackers to hijack them, and Foscam provided an upgrade for the cameras’ firmware that solved the problem. Nevertheless, there is no knowing how many of the users actually upgraded it.
The worst thing is that there are plenty of similarly vulnerable baby monitors out there that are being sold to technically unsavvy parents without a word of warning that, as ABC News proved in their report, anyone with a baby monitor video receiver could drive down a random street and pick up signals from the monitors used in houses nearby.
One problem is that the wireless channels used by these devices are usually set on the same standard frequency and the signal they are broadcasting is quite strong, making it trivial for local attackers to pick them up.
Another problem is that these devices are often connected to the Internet, have plenty of exploitable security flaws, and access to them is protected with hard-coded or default passwords that can be found online, thus allowing even remote hackers to hijack them.
The world is changing, technology is changing, and users would do well to understand that consumer goods that can be connected to the Internet can also be attacked through it.