Hacking Baby Monitors

Title: Hacking Baby Monitors

The link below discusses hacking baby monitors, which are typically wireless. Read the story AND find another related link. Post to the blog your thoughts on the link that I provided AND your thoughts on the link that you found. Post the response by Tuesday, January 27 at 11:59pm. Your response will be graded as 2 pts, 1 pt, or 0 pts.

http://www.forbes.com/sites/kashmirhill/2014/04/29/baby-monitor-hacker-still-terrorizing-babies-and-their-parents/


Print pagePDF pageEmail page

21 thoughts on “Hacking Baby Monitors

    1. cheng si

      I think the most serious problem is these parents bought the camera from resellers and they don’t know they need to install the firmware updates released by company. In order to avoid such horrible things happen again, I would suggest for each new customer, the Forscam can require them submit their email address to activity the camera product. Then if any new update of this product released, these parents can immediately receive new update requirement alert.
      Also, for the IP address log, I would suggest change the setting of this log to automatically upload the IP address to the company database when the camera connected by different IP. I think the company database should be much more safety than personal PC. Thus polices can easily follow the IP address which already saved in database to catch the criminal.
      http://www.kevinmd.com/blog/2013/08/prevent-baby-monitor-hacked.html
      The above link is talk about how to prevent baby monitor from getting hacked for the non-technique parents. Most of suggestions in this paper are straightforward. However, I think the third approach that creates a complex password is very useful for mostly cases. Finally I strongly recommend don’t save these passwords in PC in case the hacker can easily break your pc’s firewall.

      Reply
  1. Adrian Ordorica

    For the title of the provided article, “Baby Monitor Hacker Still Terrorizing Babies And Their Parents, I thought it sounded a little funny. Who really “terrorizes” babies? Apparently really bored people on the internet. Although, the article is disturbing at first because a baby monitor is not something you would usually have to worry about getting hacked, so I looked for an article to figure out how these people do it.

    http://null-byte.wonderhowto.com/how-to/hack-like-pro-find-vulnerable-webcams-across-globe-using-shodan-0154830/
    I found that some of these surveillance cameras have a default admin and password. Usually these are cameras in a public place like a street view or store. This article also contained the default admin and password for many types of surveillance:

    ACTi: admin/123456 or Admin/123456
    Axis (traditional): root/pass,
    Axis (new): requires password creation during first login
    Cisco: No default password, requires creation during first login
    Grandstream: admin/admin
    IQinVision: root/system
    Mobotix: admin/meinsm
    Panasonic: admin/12345
    Samsung Electronics: root/root or admin/4321
    Samsung Techwin (old): admin/1111111
    Samsung Techwin (new): admin/4321
    Sony: admin/admin
    TRENDnet: admin/admin
    Toshiba: root/ikwd
    Vivotek: root/
    WebcamXP: admin/

    Some links do not even need a login because it was never set up or installed I suppose. Such as:
    http://99.240.214.38:8080/ (street view in Ottawa, Canada)
    http://71.184.222.52:8080/ (puppies in a shelter in Massachusetts, US)
    http://86.101.28.128/ (someone’s backyard in Hungary)

    This article made it very easy to learn and watch web cams around the world which is quite uncomfortable. Since I’ve done this research, I placed some tape over my web cam because I don’t trust these things any more.

    Reply
  2. Alex Shipman

    I do not see the point of having a baby monitor. First of all, most of them are not that secure. According to this article ( http://www.streetdirectory.com/travel_guide/200794/baby_and_toddler/wireless_baby_monitors_put_families_at_risk.html ), most of the monitors still communicate via unsecured, analog technology. They also bring up the point that the baby monitor could be essentially serving as a bug in the house allowing other people, such as robbers or kidnappers, to listen into conversations in the house. They could also be used by governments to listen in to private conversations as well.

    But again, I do not see any point of having these. People have been able to raise children for thousands of years just fine without these. And if you do not have one, it will not get hacked.

    Reply
    1. admin Post author

      If you ever have children, you will understand having a baby monitor, whether audio or video. Babies often do not sleep at night and adults want to. If you bring them to your bedroom, they get used to it and will not sleep without you. If you listen or watch, they may whine or briefly scream but realize life is OK and go back to sleep without you. You get to know that a sound is something bad versus a sound that means “hey, are you there? I am just checking.” After a month or two of having 2-4 hours of sleep at night, you get desperate! It gives you some peace of mind that they are ok and nothing is wrong. We have lived thousands of years without cellphones but do we give them up? 🙂

      Reply
  3. Thao Le

    Foscam static default admin ID and password is a flaw. The static password and ID destroy the purposes of securing the device and users when the connections between users and the device are expose to the internet. Besides, Foscam company is completely ignorant for setting default password for their products since there are huge database of factory default password of many products on the internet such as https://www.cirt.net/passwords and http://www.routerpasswords.com, ect.

    Reply
  4. Chenggang Lai

    http://www.nbcnews.com/tech/security/man-hacks-monitor-screams-baby-girl-n91546

    This attack is very similar to the attack man hacks baby monitor. With the development of technologies, people pay more attention to use technologies to make their lives easier. However, it is not secure if you do not learn about these products. Hackers can use various of technologies to entry your internet and control devices if they want. For kids or babies, it is better for you to keep an eye on them instead of depending on wireless devices. Companies have to pay more attention to security if their prodcuts depend on internet. Besides, they have to fix up problem immediately

    once they found problem and release new version to let all users know and download.

    Reply
  5. Meshal Alfarhood

    I read this article a couple of times and I can’t find a reason that somebody would hack a baby monitor and try to scare him/her. So now, I have some respect to those hackers who try to hack something valuable like trying to steal credit card information 🙂 According to an article in NBC news, 20% of all Foscam security cameras still use the default settings: “admin” as a username and no password. Therefore, users of these cameras are advised to do two things to be save from such attacks. First of all, users are advised to change the default usersname and password to something else. Second, users should update the firmware regularly to the latest version. From my perspective, I will only use these baby monitors when I’m home. So, I will connect my baby monitor to a local network, which is not connected to the internet, to be sure that no hacking can be done to it.

    I found a related article which talks about a search engine called Shodan that can be used to find internet connected cameras. Here’s the link of this article:
    http://www.forbes.com/sites/kashmirhill/2013/09/04/shodan-terrifying-search-engine/
    Shodan is a tool that finds devices that are connected to the internet such as the wireless cameras, heating control systems, etc. It’s created in 2009 and its founder named it after a character from a video game series. Although the returned result is limited to 10 results, however, this limit can be removed if you pay some amount of money. I typed the type of my wireless camera “D-link” and it returned about 59,000 results with information like the IP address, Internet provider company, country, etc. Also, this website can be used to search about the most default username and password for some devices. Therefore, if one user of these devices is using the default username and password, it becomes so easy to hack this wireless camera using the IP address.

    Reply
  6. John Squires

    Vulnerable Smart Homes article from Forbes It is clear after reading both articles that as we incorparate more connected technologies into our homes securing them will require changes in habits and perceptions of everyone inovled. End users have a responsibility to understand the risks they take on when buying connected products and cannot remain ignorant of the basic skills necessary to properly setup and maintain those products. Likewise, manufactures have a responsibility to build their products with security as a top priority. At a minimum that includes extending how long security updates are provided for older products, disclosing known security issues to customers in a timely manner, and adhering to security best practices for all facets of their products.

    As homes become more integrated and the inevitable security issues arise, it would not be surprising to see some form of governmental regulation emerge to mandate minimum security requirements for products and services in this sector. Similar to how hot water heaters, gas fixtures, an electrical wiring are codified for consumer safety. We are living in a time of transition and transformation. Many of the risks and benefits that come with having connected homes are still poorly understood by the involved parties. As computer engineers and individuals with security experience it is going to be a busy time for us.

    Reply
    1. admin Post author

      Very good point. I agree and think that there will be regulations that protect data and computers much like OSHA protects society from unsafe conditions.

      Reply
  7. Michael Mefenza

    I think this article brings up 2 issues.
    The first one is that if you do not use a device and it can be accessible through internet, shut down its internet access, so nobody else can use it. Those monitors are to be used within your local network; you should not make it accessible through internet or at least not all the time. That will not prevent it to be hacked but it will be harder to do so. The person would have to be at close range. Another hacker could have used that opportunity to spy on that family without their knowledge. The following link http://techcrunch.com/2013/06/13/smile-hackers-can-silently-access-your-webcam-right-through-the-browser-again/ presents a similar issue. I think this is scary, you don’t know if you are being watched or not. This has cause a market for products like Eyebloc, to prevent to be watched by blocking the camera on laptop whenever you don’t use it.
    The second about updates and fixes for vulnerabilities discovered after. People should take them more seriously and vendors should propose automatic updates since the device is internet-connected or at least warn their clients.

    Reply
  8. Ben Gooding

    Your link:
    In regards to today’s internet I find it hard to believe that the culprit in Houston is the same that hacked the camera in Ohio. It has become increasingly popular to copy pranks performed by other people or hack systems in a similar way to someone else. Foscam, and other manufacturers that are aware of security risks, and do not inform customers of these updates or actively attempt to should be held at fault. All of these cameras are connected to the internet, which would make it easy for the manufacturer to determine which version of firmware the hardware is running on and alert the end user.

    My llink: http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/
    Insteon, a company that makes smart homes made customer’s web portal visible to search engines. This allowed someone to do an internet search for smart homes that did not have a username or password. With permission, the intruder would ask the person on the other end if they could control their home. The information revealed from the web search could even allow the intruder to identify the exact location of the consumer. Some of these findings were presented at Blackhat under the title Home Invasion 2.0. Some of the home devices will grant anyone access to devices if they are on the home network or in teh case of one company, the IP address range of all their devices were leaked online.

    Reply
  9. fengli zhang

    What kind of monster it is to hack the baby monitor to scare babies. However, this also warns us to try to improve the wireless security. The risk to users of wireless technology have increased as the service has become more popular. As we know, it takes some time for hackers to hack into the wireless network. Maybe we can change the wireless protocols more frequently so that there is no enough time for them to gain access to the wired network.
    http://www.nbcnews.com/tech/security/man-hacks-monitor-screams-baby-girl-n91546

    Reply
    1. admin Post author

      You have brought up an interesting area called Moving Target Defense (MTD). I hope to discuss it more later.

      Reply
  10. Siva Bhaskar Kurapati

    Baby Monitor is one good device that helps working parents to have a look at their babies whenever they want and where ever they are in the world thanks to the internet and its supporting technology. Unfortunately these devices are getting hacked by some silly guys. The instances as in the above article question the wireless security of these devices that should be answered. Even during the design of the Electronic devices like baby monitor every security concern should be solved before releasing into the market. What is the use of release of firmware upgrades after these instances how can one expect the public update their products firmware. Unique security parameters with multiple layer encryptions must be assigned to every baby monitor which only the parent should be known. The company should do research on the products vulnerabilities before releasing it into the market. The following link suggest some tips like frequently changing the passwords, setting firewalls, turning off the devices when they are not in use etc.
    http://www.sileo.com/baby-cam-hacked-what-you-can-do-to-protect-yourself-and-your-children/

    Reply
  11. Hiep Phan

    The article raises a red flag about security for remote control wireless device. The company can make the the camera more secure by making automatic update firmware a default option when setting up the camera. Another possible option is to provide an extra layer of protection with SMS phone activation (a secret code will send to admin’s phone) to grant access if the camera is connected from a new IP address.

    From Foscam website:
    http://foscam.us/blog/foscamipcameras/tips-on-securing-your-foscam-camera/
    On step 5, because Foscam has already implemented logs of ip address accessing camera, they might extend it to email notification when signing in from new device or IP address. Admin user has the option to grant privilege for the new device/IP.

    Reply
  12. Yan Real

    The article in the website http://www.networkworld.com/article/2224469/microsoft-subnet/hacks-to-turn-your-wireless-ip-surveillance-cameras-against-you.html shows how easy it is to hack into an IP Camera and watch any person`s daily life. Not only IP Cameras but also many electronic devices in our houses can be definitely used against us by hackers such as computers, televisions, telephones, or even refrigerators and heaters that are connected to the internet and some precautions should be taken.

    With all the technology growing up fast and things becoming more interconnected, the security must be a point to be emphasized. First, it should be established a minimum security requirements for all the industries that produce devices which could be used inside people`s house. Also, the software must require that the user changes its password before it starts to work. Second, the buyer must be aware of the risks, and take all the providences to protect himself and the others around him from malicious people. He has to keep the firmware always updated to prevent what happened in the article ` Baby Monitor Hacker Still Terrorizing Babies And Their Parents`, avoid to buy from resellers in order to get all information from the company, change the password often, and, of course, choose the best quality products. Security is very important and it must be considered before a possible purchase. Otherwise, both parts will lose.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *