In my December 28, 2018 Scam of the day, I told you about a Houston family that was terrified when they heard vulgar threats coming from the baby monitor they used to watch their four month old son. Their baby monitor had been hacked by someone attempting to scare them. While the hacker did not pose a physical threat to the family, the disturbing threats coming from their baby monitor were frightening and also could lead to identity theft and other security concerns. Many of you, familiar with my work, are aware of my great concerns over the vulnerability of what has become known as the Internet of Things. The Internet of Things is the name for the technology by which various things are connected and controlled over the Internet. Some of the more common products that are a part of the Internet of Things include cars, refrigerators, televisions, copy machines and medical devices. Here is a link to a column I wrote for USA Today about the Internet of Things.
The Internet of Things also includes baby monitors. In 2015 Rapid7 a security and analytics firm published its research in which they researched and ranked nine popular baby monitors. Eight of them received a grade of F, one of them received a grade of D and all of them had serious vulnerabilities that made it easy work for a hacker to take control of the devices. While it may seem that hacking into a baby monitor may be an invasion of privacy and nothing more, the truth is that in many instances, if a hacker is able to gain access to one device that is part of the home’s WiFi network, he or she could also gain access to other connected devices, such as the parent’s computer containing personal financial information or even the capability of connected to the computers of the company for which the parent works if the parent’s computer is networked in for working from home. Many hackers search the Internet for unsecured web cameras and baby monitors that have not changed the factory setting username and password.
More recently a California family that used Nest Cam security cameras in their home was terrified when an emergency warning of a North Korean Intercontinental Ballistic Missile attack came through their Nest security cameras. It was a hoax, however, the problem with the family’s Nest security cameras had less to do with Nest, a company owned by Google, than with the California family whose password had been compromised.
TIPS
Here is a link to the full report of Rapid 7 to which you can go to see if your baby monitor is one of the affected ones. https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf
Anyone who has a baby monitor should make sure that the camera and software are constantly updated with the latest security software from the company that manufactures the baby monitor. It also is a good idea to, as I have advised many times previously, make sure that your router, which connects you to the Internet, is password protected and that you change the username and default password for each of your Internet of Things devices.
If you have Nest security cameras you should first make sure that you have a strong and unique password for your account, but you should also use Nest’s dual factor authentication security feature. This will not permit anyone to access your security camera without having a one-time code sent to your cell phone after you enter your password. Dual factor authentication is a strong tool to help prevent accounts and Internet of Things devices from being hacked by someone who manages to steal your password. In order to enable dual factor authentication for your Nest security cameras go to your Settings in the Nest app on your phone, tap Account and then tap Manage Account and then tap Account Security where you can set up your dual factor authentication.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”