Recently a Houston family was terrified when they heard vulgar threats coming from the baby monitor they used to watch their four month old son. Their baby monitor had been hacked by someone attempting to scare them. While the hacker did not pose a physical threat to the family, the disturbing threats coming from their baby monitor were frightening and also could lead to identity theft and other security concerns. Many of you familiar with my work are aware of my great concerns over the vulnerability of what has become known as the Internet of Things. The Internet of Things is the name for the technology by which various things are connected and controlled over the Internet. Some of the more common products that are a part of the Internet of Things include cars, refrigerators, televisions, copy machines and medical devices. Here is a link to a column I wrote for USA Today about the Internet of Things.
The Internet of Things also includes baby monitors. In 2015 Rapid7 a security and analytics firm published its research in which they researched and ranked nine popular baby monitors. Eight of them received a grade of F, one of them received a grade of D and all of them had serious vulnerabilities that made it easy work for a hacker to take control of the devices. While it may seem that hacking into a baby monitor may be an invasion of privacy and nothing more, the truth is that in many instances, if a hacker is able to gain access to one device that is part of the home’s WiFi network, he or she could also gain access to other connected devices, such as the parent’s computer containing personal financial information or even the capability of connected to the computers of the company for which the parent works if the parent’s computer is networked in for working from home. Many hackers search the Internet for unsecured web cameras and baby monitors that have not changed the factory setting username and password.
In the four years since I first reported about this problem on Scamicide little has been done to correct the problem and there are no security standards required of the manufacturers of these devices.
Here is a link to the full report of Rapid 7 to which you can go to see if your baby monitor is one of the affected ones. https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf
Anyone who has a baby monitor should make sure that the camera and software are constantly updated with the latest security software from the company that manufactures the baby monitor. It also is a good idea to, as I have advised many times previously, make sure that your router, which connects you to the Internet, is password protected and that you change the username and default password for each of your Internet of Things devices.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”