A Houston, Texas family is still reeling from a recent frightening hacking incident involving something many parents use to keep their children safe: A baby monitor.
Just last week, parents Marc and Lauren Gilbert shared the terrifying tale of the night their baby monitor was hacked allowing some creep to verbally abuse their sleeping toddler, Allyson. The child, who suffers from a hearing impairment, was blissfully unaware of what took place inside of her bedroom. For her parents, however, the fact that the baby monitor was hacked to allow an unknown man to shout profanity and other verbal abuse at their darling two-year-old daughter is something they'll not soon forget.
What Happened In Marc and Lauren Gilbert's home? How Baby Monitor Was Hacked
The story begins on Saturday, August 10, 2013. It was evening and Marc and Lauren Gilbert had just laid their darling baby girl Allyson down for the night and then headed to the kitchen to clean up dishes from Marc's birthday dinner. Moments later, the couple heard strange sounds coming from their daughter's bedroom, which immediately alarmed them. Had someone broken into their sleeping child's space?
The couple quickly moved towards their daughter Allyson's room only to encounter something truly disturbing. Someone was in fact in their daughter's room — at least, his voice was — and he had gotten in by hacking her baby monitor.
Marc and Lauren Gilbert reported hearing a man's voice with a British or European accent calling out verbal insults and cuss words at their sleeping daughter.
The heard the man say things like, "effing moron," and "wake up you little slut."
Once Marc and Lauren entered the room the creep then started cursing at them calling Marc a moron and Lauren a b****.
Marc quickly ran over and disconnected the hacked baby monitor to protect his family from any more verbal abuse from the intruding hacker, but the incident left him feeling more than a little shaken.
"[I] Couldn't see the guy. All you could do was hear his voice and [that] he was controlling the camera."
Creepy Baby Monitor Hacker Calls Child By Her Name: Security Breeches You May Have Never Considered Could Happen To You
The incident was particularly scary to the Houston, Texas family because of how much information they realized than man was able to gain about them by simply hacking into the baby's monitor. The man was able to call their daughter by her name because the 2 year old had the words "Allyson" written out on the wall of her room as a cutesy baby decoration. Gilbert believes the man hacked not only the monitor but also the family router.
Thankfully, the child was unaware of the abuse the man attempted to subject her to, due to her being deaf. Since she was sleeping, her cochlear implants had been turned off.
Nevertheless, Marc and Lauren Gilbert feel as violated as anyone who had an intruder in their home.
"As a father, I'm supposed to protect her against things like this ... it's a little embarrassing to say the least but it's not going to happen again."
The implications for security and family safety are clearly quite large with this new baby monitor hacking attempt surfacing in the news.
So how did the man happen to hack the baby monitor and speak to the sleeping child without her parents' knowledge?
Hack In The Box Participants Reveal Security Issues With Baby Monitors
It appears the brand of monitor the family had purchased, Foscam, functions via a wireless IP connection and is no stranger to information security issues. The hacked baby monitor gained the attention of both the US CERT and NIST who posted a vulnerability summary this March, prior to the baby monitor hack which took place Saturday in a Houston, Texas home.
In addition, hackers at the Hack In The Box security conference in April spoke extensively about the information security issues caused by poorly secured technology, such as the Foscam wireless cameras. Qualisys researchers shared that a search engine called Shodan was capable of searching nearly 100,000 wireless IP cameras that are quite easily exploitable because security has not been emphasized. According to Qualisys researchers, 2 out of 10 wireless IP cameras such as the baby monitor camera that was hacked inside the Gilbert home, can easily be exploited because a person can login in as admin without a password.
The researchers then showed exactly how easy attacks can be when accessing one of these poorly secured IP cameras often used as baby monitors. To learn more about their research, read their "To Watch or Be Watched: Turning Your Surveillance Camera Against You" presentation [pdf].
Though Forcam IP cameras are in focus currently due to the recent baby monitor hack, they aren't the only camera devices, which may be allowing hackers to invade your privacy.
Tips For Securing Your Internet Connection And Baby Monitor, Preventing Hacks
In fact, it seems that some common habits from users may be making it really easy for hackers to gain control of internet connected devices. Here are a few habits many every day Joes engage in which are likely compromising their security:
1) Neglecting to register devices. Yeah, we know it can be a pain to fill out the information online or in written format and submit it, but many companies truly wish people would take the time to register new device. Otherwise, it makes the task of locating a wireless IP camera owner nearly impossible if some security violation like the hacked baby monitor were taking place. As a result, users of internet connected devices are urged to register them upon purchase to increase security.
2) Neglecting to update firmware. By maintaining old firmware on any internet connected device, you are asking for trouble. Hackers and security researchers find a plethora of vulnerabilities on a daily basis which can be exploited in the wild and used to launch malicious attacks against unsuspecting device owners. Most companies are quite diligent to patch any security vulnerabilities that arise concerning their devices, but the patch is only useful if users update their firmware! Many people however, neglect to take the time to do updates on computers and other internet devices, and as such they are far more vulnerable to hacks like this baby monitor one.
3) Setting up a weak password or none at all. Yes, if you can believe it, there are still tons of people who use the word "password" as their secret code or just opt not to have a password at all because it's too much trouble to remember. All we can say is, expect trouble. Just as most of us choose to lock our doors at night before going to bed, so also should you take care to lock up your internet connections of any kind as they are a virtual door right into your home. An unsecured IP camera could allow someone an intimate view into your world, allowing them to see you undressed or allow a burglar to watch when you leave our home. The implications for personal security are countless.
According to Dave Chronister of Parameter Security, who spoke to CBS News, users who want to secure their internet connections need to use Wi-Fi Protected Access 2 (WPA2) to set up a long password.
In addition, Cybertron International's Bill Ramsey suggested changing the default username and password on your router, on every device you purchase, as well on the website you use that gives you access to the baby monitor feed.
As for Marc and Lauren Gilbert, they are choosing another route to protect their family against privacy invasion.
"I don't think it ever will be connected again" said Marc Gilberts regarding the hacked baby monitor. "I think we are going to go without the baby monitor now."