2 min read

Baby monitor hacked to snoop on mother breastfeeding

Filip TRUȚĂ

June 11, 2018

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Baby monitor hacked to snoop on mother breastfeeding

IP cameras are back in the IoT security news. Shortly after researchers found remote control vulnerabilities in Foscam security cameras, a mother from South Carolina called police to report that a hacker was watching her breastfeed through a baby monitor.

Jamie Summitt had bought the $34 Fredi Wireless cam off of Amazon chiefly for its ability to pan 360 degrees and send the video feed to the family’s smartphones, even when they’re away from home, over WiFi.

“All of a sudden I noticed out of the corner of my eye that the camera was moving…and it was panning over to our bed. The exact spot that I breastfeed my son every day. Once the person watching realized I was not in bed, he panned back over to Noah asleep in his bassinet,” Summitt wrote on Facebook in a warning to all parents who rely on baby monitors to keep tabs on their children.

The device was apparently very easy to hack, even though Summitt swapped the default password for a complex one. The improved password doesn’t rule out a potential brute force attack, but it may point to a different attack route, such as a vulnerability in the camera itself.

When Summitt called the North Charleston Police Department, the monitor’s app locked up, returning the error message “insufficient permissions,” suggesting the hacker bailed out and bricked the device to erase any trail.

“I feel so violated,” the mother wrote. “This person has watched me day in and day out in the most personal and intimate moments between my son and I. I am supposed to be my son’s protector and have failed miserably. I honestly don’t ever want to go back into my own bedroom.”

As we’ve written in the past, one of the primary faults with low-end IoT devices (i.e. Chinese knockoffs) is that many of them roll out of the factory without proper security checks. Because of this, the UK has issued a proposal for IoT vendors to secure their products “by design,” similar to how the EU’s GDPR asks data custodians to secure their systems and processes “by design and by default.” The UK hopes to soon draft a law based on its proposal.

tags


Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like

Bookmarks


loader