“Mummy, I’m Afraid of the Man in the Monitor”

California Wants to Ban Encrypted Phones in 2017 to Fight Human Trafficking
January 26, 2016
Google’s Move To Shame Unencrypted Sites
February 2, 2016
Show all

“Mummy, I’m Afraid of the Man in the Monitor”

It’s almost like a scene from any Paranormal Activity movie. But in all the horrific nightmares you could conjure up in your mind, this could be the most twisted and sickening because it is not dealing with ‘supernatural forces’, but rather real predators targeting real people in real life situations.

baby monitors

Source: CBS News

In general, baby monitors act as a tool for parents’ peace of mind to keep a watchful eye on their kids. But little do they know about the vulnerabilities and the dangers of hackable baby monitors. Following several reports of consumers recounting their horror tales of their monitor devices being hacked and abuses shouted at their children, American parents have been warned to be more wary of the types of baby monitors they are choosing to bring into their homes.

 

Creepy baby monitor stories

1) In 2013, a Houston couple were left shaken when they discovered a hacker had accessed their baby monitor to shout profanities at their then two-year-old daughter. Not only did the hacker make lewd comments to their toddler such as “wake up you little slut” and “effing moron”, the man had accessed the monitor’s camera and also called the child by her name “Allyson”, which was spelt out on the wall. When the parents, Marc Gilbert and his wife Lauren entered the room, the voice began swearing expletives at them too, by calling Gilbert a stupid moron and his wife a b****.

 

2) ohio heather

Source: NBC News

Heather Schreck was asleep in her Ohio home around midnight in April 2014 when she woke up to the sounds of a man screaming “Wake up baby! Wake up baby!” at her 10-month old daughter, Emma. When Heather checked her phone screen, she could see the camera monitor moving around the room. That’s when the screaming picked up, according to Fox 19 news. When Heather’s husband, Adam, quickly ran into the room, the camera then turned to point directly at him.

 

3) An Indiana couple, the Denmans, were freaked out when they found out a hacker was able to infiltrate their baby monitor at home and played “Every Breath You Take” by The Police. The two-year old child was playing at home with her mother when the music suddenly started playing. At first, the mother thought it was a joke, until the hacker began making sexual noises on the monitor. After Jared Denman searched online for similar cases, he found several videos posted online showing similar hacks with the same song playing over the speakers, and the hacker used a Twitter account to brag about the breaches.

 

The ongoing investigations

Now, New York’s Department of Consumer Affairs (DCA) have launched investigations into disturbing cases of baby monitor hackings by contacting four unnamed baby monitor companies, demanding information about their security and to see evidence of complaints about unauthorised access. The DCA issued subpoenas to these four major manufacturers who market their devices as “secure” in their investigation into the security vulnerabilities of the devices and whether their security claims violate NYC’s Consumer Protection Law, which prohibits deceptive and misleading advertising. If the companies are not living up to the security promises they made in their marketing, the agencies could be hit with civil fines for deceptive marketing practices. As the investigations are still currently ongoing, no names or details have yet to be released.

Earlier this month, the Federal Trade Commission (FTC) had also issued a similar warning to parents whose houses and children’s rooms, are equipped with security cameras. The FTC agency had researched five baby monitors and already found four of them to have serious security issues, because of its ease in which it could be accessed by simple, easy-to-crack passwords. Moreover, two of the five did not encrypt the feed between the monitor and the home router and one other did not encrypt the feed from the router to the internet.

“Video monitors are intended to give parents peace of mind when they are away from their children, but the reality is quite terrifying – if they aren’t secure, they can provide easy access for predators to watch and even speak to our children,” said DCA commissioner Julie Menin in a statement.

 

Tips

Due to the Internet of Things, our everyday devices and appliances are increasingly connected online, with computing and network capabilities embedded into them. Thus, this largely affects consumers’ personal privacy when exploited, such as the case of these baby monitor hackings. These are a couple of tips parents can consider to curb these disturbing hacks:

1) Use baby monitors which are not Wifi-enabled, such as this Motorola digital video baby monitor model recommended by Ars Technica. It offers no Internet connectivity and uses encryption to protect the video and audio stream sent between the camera and a dedicated handset. Although these types of monitors will probably have their own weaknesses in their kind, it does eliminate the fear of being Internet-connected, and are arguably safer as attackers will have to be in physical proximity of the people being targeted to perform any hacking.

2) As the DCA recommends, register your product and update software, firmware and applications. If you register your product, you will be notified of security updates by the manufacturer (which are important!). Be sure to install all security updates.

3) Additionally, the FTC urged parents to look for baby monitors with strong security protocols, or at least perform some research on baby monitors with any known security vulnerabilities before buying.

4) Choose strong passwords which are changed regularly. Avoid using the default camera name and password, and only share it with people you trust absolutely.

5) For those who have existing Internet-enabled baby monitors in your homes, it is preferable to cut off usage of the monitors until vendors are able to fully-address all the identified weaknesses in their devices. Monitor the manufacturer’s website for any security advisories or patches for their devices.

 

Sources

[1] Ars Technica

[2] NYC Consumer Affairs

[3] BBC News

[4] Parent Herald

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *