A Minnesota family learned a hard lesson in wireless security last week, after discovering that hackers had not only hijacked control of the “nanny cam” in their baby's room, but had used it to take surreptitious photos and post them on a foreign website.
Unfortunately, such webcam hackings are nothing new. Last April, a still-unknown hacker took remote control of the baby monitor in an Ohio family's home — and was discovered only because he used the monitor's speaker to yell obscenities at the child one night, loudly enough that her parents could hear it. Had he kept quiet, who knows how long he might have continued spying on the little girl without ever being detected?
Last week, I sat at my computer and watched a young man from Hong Kong relaxing on his laptop; an Israeli woman tidying the changing room in a clothes store; and an elderly woman in the UK watching TV.
All of these people were completely unaware that I was spying on them, thousands of miles away, through devices that were inadvertently broadcasting their private lives on the internet....
And in Rochester, Minnesota, another family was similarly unaware their own child was being broadcast — until they heard unfamiliar music wafting out of the nursery one night last week. The unnamed couple told their story to KTTC-TV: “We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room the music turned off.” The music had come from the speaker of their Foscam baby monitor – but who had actually played that tune?
“We were able to track down the IP address through the Foscam software, and found out that it was coming from Amsterdam.... That IP had a web link attached to it.”
And when they checked that link, they were horrified by what they found: “There's at least fifteen different countries listed and it's not just nurseries – it's people's living rooms, their bedrooms, their kitchens. Every place that people think is sacred and private in their home is being accessed.” (More specifically, it's every place where people keep an Internet-connected camera in their home.)
After a little searching, the couple were able to find pictures of their own baby's crib on that website. “This isn't just, you know, Rochester, Minnesota. You can literally just sort by whatever country suits your fancy, and whatever room suits your fancy. It's pretty sick,” the baby's mother said.
The couple promptly disconnected their IP cameras. But when KTTC asked them to turn it back on, they made another horrifying discovery:
We had the family plug in the camera for us to do this story. In the short time they had the camera up, and us in there, pictures from their crib that day were already on the Internet an hour later. The family is now convinced the website automatically knows when the cameras come back on. The family urges all people with these cameras to change their passwords often and make them difficult.
The Minnesota couple have something else in common with the family from Ohio last year: both families had their baby monitors hacked, yet neither family had any idea until the hackers let noise get through the monitors' speakers. How long did the spying go on before that? Neither family has any way of knowing.