2 min read

Baby monitor hacked to snoop on mother breastfeeding

Filip TRUȚĂ

June 11, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Baby monitor hacked to snoop on mother breastfeeding

IP cameras are back in the IoT security news. Shortly after researchers found remote control vulnerabilities in Foscam security cameras, a mother from South Carolina called police to report that a hacker was watching her breastfeed through a baby monitor.

Jamie Summitt had bought the $34 Fredi Wireless cam off of Amazon chiefly for its ability to pan 360 degrees and send the video feed to the family’s smartphones, even when they’re away from home, over WiFi.

“All of a sudden I noticed out of the corner of my eye that the camera was moving…and it was panning over to our bed. The exact spot that I breastfeed my son every day. Once the person watching realized I was not in bed, he panned back over to Noah asleep in his bassinet,” Summitt wrote on Facebook in a warning to all parents who rely on baby monitors to keep tabs on their children.

The device was apparently very easy to hack, even though Summitt swapped the default password for a complex one. The improved password doesn’t rule out a potential brute force attack, but it may point to a different attack route, such as a vulnerability in the camera itself.

When Summitt called the North Charleston Police Department, the monitor’s app locked up, returning the error message “insufficient permissions,” suggesting the hacker bailed out and bricked the device to erase any trail.

“I feel so violated,” the mother wrote. “This person has watched me day in and day out in the most personal and intimate moments between my son and I. I am supposed to be my son’s protector and have failed miserably. I honestly don’t ever want to go back into my own bedroom.”

As we’ve written in the past, one of the primary faults with low-end IoT devices (i.e. Chinese knockoffs) is that many of them roll out of the factory without proper security checks. Because of this, the UK has issued a proposal for IoT vendors to secure their products “by design,” similar to how the EU’s GDPR asks data custodians to secure their systems and processes “by design and by default.” The UK hopes to soon draft a law based on its proposal.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Common Credentials Criminals Use in IoT Dictionary Attacks Revealed Common Credentials Criminals Use in IoT Dictionary Attacks Revealed
Silviu STAHIE

November 30, 2021

3 min read
Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown
Filip TRUȚĂ

November 29, 2021

2 min read
Social media firms will be forced to unmask online trolls, says Australia Social media firms will be forced to unmask online trolls, says Australia
Graham CLULEY

November 29, 2021

2 min read