Privacy Nightmare: When Baby Monitors Go Bad

Print Friendly, PDF & Email

cam-heroA secure crib and a baby mon­i­tor are on the the “must-have” safe­ty check­list for many new par­ents. But when you tuck Junior in for the night, you nev­er imag­ine wak­ing to a scene straight out of The Twi­light Zone: a foul-mouthed baby cam­era with a life of its own.

This is exact­ly what hap­pened to Adam and Heather Schreck last spring when they awoke in the mid­dle of the night to screams of “Wake up, baby!” stream­ing from their daughter’s bed­room. The cou­ple rushed to their 10-month-old’s crib and real­ized the voice was com­ing from the IP cam­era they had trained on their baby to ensure her safe­ty.

Then things got even creepi­er.

The cam­era rotat­ed to face Adam, and a voice start­ed scream­ing obscen­i­ties. Adam real­ized the cam­era was pos­sessed con­trolled by a hack­er and pulled the plug. (Note: Cut­ting pow­er to the cam­era was the wrong move because it erased foren­sic data.)

baby-on-camera-350Unfor­tu­nate­ly, the Schreck family’s expe­ri­ence wasn’t iso­lat­ed. In August 2013, a Hous­ton fam­i­ly using a sim­i­lar IP cam­era awoke to find their two-year-old being ver­bal­ly assault­ed by some­one yelling obscen­i­ties.

camera-stream-350These inci­dents occurred because par­ents were using IP Cam­eras

What is an IP cam­era? The “IP” stands for Inter­net Pro­to­col, as in an IP address. Cam­eras, com­put­ers and oth­er devices on the Inter­net trans­mit an IP address so oth­er Inter­net-con­nect­ed devices know where to deliv­er con­tent. An IP cam­era enables a legit­i­mate user, like a par­ent who wants to mon­i­tor a sleep­ing baby, to stream audio and video to anoth­er device, like a smart­phone. But this same remote acces­si­bil­i­ty can be exploit­ed by a hack­er.

Baby mon­i­tor­ing sys­tems and home secu­ri­ty cam­eras aren’t the only types hack­ers tar­get. IP cam­eras in offices and pub­lic places can also be com­pro­mised if they aren’t prop­er­ly secured. The Dai­ly Mail recent­ly found they could access numer­ous cam­era feeds not only of chil­dren, but also the elder­ly and sen­si­tive assets, like cash reg­is­ters.

old-lady-resting-from-daily-mail-article-350
If you own an IP cam­era, take the fol­low­ing pre­cau­tions to reduce the chances of get­ting hacked:

1. Change the default pass­word. Many cam­eras come with a sim­ple and stan­dard pass­word to make it easy for the new own­er to stream audio and video to a com­put­er or oth­er remote device with min­i­mal set up. Hack­ers know this and exploit the vul­ner­a­bil­i­ty.

2. Set unique, strong pass­words for all your home devices. Com­put­er guru Kim Koman­do has some great tips. You can also check out eHow’s own pass­word info­graph­ic to learn what makes a good pass­word, and if your pass­words are secure enough.

3. Update your camera’s firmware. Cam­era man­u­fac­tur­ers often pro­vide updates when they find an exploitable weak­ness. Vis­it the camera’s web­site occa­sion­al­ly to see if they have any updates.

4. Set your devices not to broad­cast their SSID. This step makes your devices less vis­i­ble to the pub­lic (but admit­ted­ly won’t slow down a ded­i­cat­ed hack­er). The SSID is the device name that broad­casts, show­ing a wire­less con­nec­tion to it is pos­si­ble.

Note that imple­ment­ing new secu­ri­ty pro­tec­tions will make your cam­era less vul­ner­a­ble, but there’s still a chance it could be hijacked. A sophis­ti­cat­ed hack­er could not only vio­late your pri­va­cy by turn­ing your web­cam on you and your loved ones, but could also com­man­deer your net­work and make your cam­era a slave bot to car­ry out addi­tion­al exploits. D2T1 — Sergey Shekyan and Artem Haru­tyun­yan — Turn­ing Your Sur­veil­lance Cam­era Against You (1)

The very best way to keep your IP cam­era from being turned on you is to not have it turned on in the first place. Use one if you must, but think very care­ful­ly about the poten­tial dam­age that could be done when you click the “on” but­ton.