For the last couple of years, tech writers (including yours truly) have been warning that Internet-connected baby monitors are vulnerable to hacking. In 2013, for instance, the Chinese-manufactured Foscam brand was found to have a glaring security hole that allowed hackers to gain access to the audio and video feeds transmitted by the cameras. Forbes technology writer Kashmir Hill wrote that at least 40,000 Foscam monitors were potentially vulnerable.
When news of the vulnerability broke, Foscam promptly issued a firmware update, but limited its notification to a blog post that said nothing about the potential for hacking. As a result, many if not most Foscam owners remain unaware of the risk that strangers might be watching or listening to their children.
Just last week, a couple in Washington told CBS News that they heard a voice coming out of the monitor saying “Wake up little boy, daddy’s looking for you.”
Their 3-year-old son had been complaining of voices at night, but the couple thought that it was just a function of his imagination.
A few weeks earlier, a Rochester, Minnesota family heard music coming out of their child’s bedroom. When the parents walked in, the music stopped. The mother looked up the IP address that accessed the device and was able to trace it to Amsterdam before the trail ran cold.
And last November, the BBC published a particularly thorough investigation of webcam hacks (including baby monitors). Among other things, the BBC report identified a Russian Web site (since shut down) that gave visitors access to video feeds from over 70,000 unsecured Internet-connected cameras around the world, many of which were located in private homes.
These reports should be considered an early warning sign of the potential problems that will plague the roll-out of the much-ballyhooed “Internet of Things.” There are powerful forces driving the push to connect physical objects to the Internet, but it will take careful planning and constant vigilance to minimize the risks associated with an IP-infused world. It’s a topic that I will be writing about frequently in the months to come.
In the meantime, here are some practical tips for parents:
- Before buying an IP-connected baby monitor, do an Internet search using the brand name and variations on the word “hack”;
- When you set up the monitor, be sure to download and install any hardware updates before using it;
- Make sure that you change the default password to something secure (here are some tips for choosing a more secure password) and make sure you don’t use a password you’ve used for other sites;
- Periodically visit the manufacturer’s Web site to see if any updates have been issued;
- Change the password periodically; and
- If your kid says that he or she is hearing things, take them seriously.