[ARCHIVED THREAD] - IP Baby Monitor Hacking? (Page 1 of 2)
Posted: 4/30/2014 6:54:22 PM EDT
|
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report.
I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. 
|
|
Normally this kind of thing happens when people have IP cams and do not change the default passwords/settings. There are sites all over listing phrases to search for that will show up open webcams. Chances are the biggest hacking the hacker did was search google for a phrase, find it and go to the site. Some of the IP cams are two way voice as well, so that is how he was able to yell at the baby and dad. Probably a stupid kid up late looking for something idiotic to do. To resolve the issue, always chance default settings and passwords on anything that is connected to the web. |
|
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Someone I work with uses one to watch her kids after they get home from school. Creepy. |
|
The dad in that story is actually a good friend of mine.
What's wild is that he's very tech savvy. He always has the latest home tech that he configures himself. The companies that make these IP cams are not taking security very seriously. You have to always be looking for new patches and thats if the company bothers to update their software. |
|
Quoted:
Normally this kind of thing happens when people have IP cams and do not change the default passwords/settings. There are sites all over listing phrases to search for that will show up open webcams. Chances are the biggest hacking the hacker did was search google for a phrase, find it and go to the site. Some of the IP cams are two way voice as well, so that is how he was able to yell at the baby and dad. Probably a stupid kid up late looking for something idiotic to do. To resolve the issue, always chance default settings and passwords on anything that is connected to the web. Default password or not, is this traffic even encrypted? A remote control camera is a hell of a thing to have in your house and connected to the internet. Hell, I have painter's tape on my device's built-in webcams, and the only thing I've ever used them for is Skype. |
|
1) Change Passwords off of default in all of your home networking components.
2) Configure home router and WLAN settings for maximum security according to supplied instructions. 3) Configure ALL security features the camera system has according to the instructions 4) If its a camera that can be accessed via the internet Its just me but I like to use non standard ports in the static route through the home LAN. Remember that just because "it works" (a term I despise) does not mean its working RIGHT. Often its much easier to leave security settings off because the system will be easier to set up. Do it right and the chances of this happening to you are almost zero. |
|
Quoted:
In this case that's not what happened at all. These cameras link to a third party remote server over standard web ports. The link between the camera and the server was compromised. Quoted:
Quoted:
Same people subject to this leave their wireless gateway set to default. In this case that's not what happened at all. These cameras link to a third party remote server over standard web ports. The link between the camera and the server was compromised. Well, fuck that noise...I want shit I control, not some lame port 443 or port 80 (most likely,) connection to some Chinese made and supported device. |
|
Quoted:
1) Change Passwords off of default in all of your home networking components. 2) Configure home router and WLAN settings for maximum security according to supplied instructions. 3) Configure ALL security features the camera system has according to the instructions 4) If its a camera that can be accessed via the internet Its just me but I like to use non standard ports in the static route through the home LAN. Remember that just because "it works" (a term I despise) does not mean its working RIGHT. Often its much easier to leave security settings off because the system will be easier to set up. Do it right and the chances of this happening to you are almost zero. In this case the camera software web code itself was compromised. Absolutely nothing you could do. |
|
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Just wait till every electronic device we have is required to have a wifi connection. |
|
Quoted:
Someone I work with uses one to watch her kids after they get home from school. Creepy. Quoted:
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Someone I work with uses one to watch her kids after they get home from school. Creepy. Creepy to check on your kids? 
No. |
|
Quoted:
In this case the camera software web code itself was compromised. Absolutely nothing you could do. Quoted:
Quoted:
1) Change Passwords off of default in all of your home networking components. 2) Configure home router and WLAN settings for maximum security according to supplied instructions. 3) Configure ALL security features the camera system has according to the instructions 4) If its a camera that can be accessed via the internet Its just me but I like to use non standard ports in the static route through the home LAN. Remember that just because "it works" (a term I despise) does not mean its working RIGHT. Often its much easier to leave security settings off because the system will be easier to set up. Do it right and the chances of this happening to you are almost zero. In this case the camera software web code itself was compromised. Absolutely nothing you could do. Keep up to speed on firmware updates! Admittedly this will only patch a hole once the company knows about it but still minimize the risk if you can. |
|
Quoted:
Creepy to check on your kids?
No. Quoted:
Quoted:
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Someone I work with uses one to watch her kids after they get home from school. Creepy. Creepy to check on your kids?
No. In this day and age, for most people, you are correct. I couldn't fathom living like that today back when I was a kid. I had such minimal supervision. Times are so different. |
|
Quoted:
Creepy to check on your kids?
No. Quoted:
Quoted:
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Someone I work with uses one to watch her kids after they get home from school. Creepy. Creepy to check on your kids?
No. If you need a baby monitor to watch your kids at home while you're at work, your kids probably shouldn't be home alone... |
|
Quoted:
If you need a baby monitor to watch your kids at home while you're at work, your kids probably shouldn't be home alone... I have a better CCTV system in my house than some banks. And yes... I use it to check up on my kids from time to time. I make no apologies for it. |
|
Quoted:
If you need a baby monitor to watch your kids at home while you're at work, your kids probably shouldn't be home alone... I installed an ip system in my house less than six months ago and I'm pretty sure both the babysitter and housekeeper are performing better.  And yes, I do log in to check in on my kids from time to time, because I can.
|
|
Quoted:
Creepy to check on your kids?
No. Quoted:
Quoted:
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Someone I work with uses one to watch her kids after they get home from school. Creepy. Creepy to check on your kids?
No. With this lady its more like spying. Making sure the kids get home, sure. Watching every move they make in the house for the last 3 hours of work? Creepy. She watches everything her husband does too. |
|
Quoted:
Sounds like Remote Controllin' when we were kids. Grab the cable box remote and go out around 1AM and turn on people's TVs through their windows, turn it on Headbanger's Ball and crank up the volume. Watch the hilarity ensue. 
Dunno what kind of remote you were using, but IR doesn't transmit through windows very well. |
|
Quoted: LO Quoted: Quoted: Sounds like Remote Controllin' when we were kids. Grab the cable box remote and go out around 1AM and turn on people's TVs through their windows, turn it on Headbanger's Ball and crank up the volume. Watch the hilarity ensue. I, um, know someone who was in a community college history class with a professor who spent 2/3 of his time showing recordings from PBS and not actually teaching anything. A universal remote snuck in up a sleeve resulted in a bunch of random fast forwarding and rewinding until he sent the "broken" TV back.
 |
|
Quoted:
Dunno what kind of remote you were using, but IR doesn't transmit through windows very well. Quoted:
Quoted:
Sounds like Remote Controllin' when we were kids. Grab the cable box remote and go out around 1AM and turn on people's TVs through their windows, turn it on Headbanger's Ball and crank up the volume. Watch the hilarity ensue.
Dunno what kind of remote you were using, but IR doesn't transmit through windows very well. Whatever the old Centel Cable remotes were. This was back in the 80s when I was a kid. As long as you had LOS with the box, it would turn it on, volume control, etc. And everyone had their old console TV in the living room within site of their front windows. |
|
Quoted:
Creepy to check on your kids?
No. Quoted:
Quoted:
Quoted:
I wasn't aware that was a thing, but in a recent news story, I saw an interview that awoke to the sound of a voice coming from his kid's room. He went to investigate, and a guy was using his IP baby monitor yelling attempting to wake up his infant. When the father entered the room, the baby monitor rotated towards him, and the hacker controlling it began shouting "obscenities" at the father that couldn't be quoted on the news report. I don't think I'm even going to ask what the motivation for that was as some people are simply fucked in the head. There is one question I do have, though... I can see the utility of an IP-based baby monitor that keeps traffic within the household LAN, but why would someone want to have that traffic going out across the internet? I'm not sure I see the utility of that, and the security risks are pretty damn significant. I'm not a parent, and I'm fairly novice as an IT guy, but seeing that news report got me thinking. These are fun times we live in. Someone I work with uses one to watch her kids after they get home from school. Creepy. Creepy to check on your kids?
No. A woman I work with has lo-jacked her entire family via Friend Finder. It's pretty creepy. Also amusing, because she's always complaining that they never do anything interesting.
|
|
Quoted:
I, um, know someone who was in a community college history class with a professor who spent 2/3 of his time showing recordings from PBS and not actually teaching anything. A universal remote snuck in up a sleeve resulted in a bunch of random fast forwarding and rewinding until he sent the "broken" TV back.
Quoted:
Quoted:
Quoted:
Sounds like Remote Controllin' when we were kids. Grab the cable box remote and go out around 1AM and turn on people's TVs through their windows, turn it on Headbanger's Ball and crank up the volume. Watch the hilarity ensue. I, um, know someone who was in a community college history class with a professor who spent 2/3 of his time showing recordings from PBS and not actually teaching anything. A universal remote snuck in up a sleeve resulted in a bunch of random fast forwarding and rewinding until he sent the "broken" TV back.
Oh My! |
|
Quoted:
In this case that's not what happened at all. These cameras link to a third party remote server over standard web ports. The link between the camera and the server was compromised. Quoted:
Quoted:
Same people subject to this leave their wireless gateway set to default. In this case that's not what happened at all. These cameras link to a third party remote server over standard web ports. The link between the camera and the server was compromised. Do you know the make and model of the camera? In the report I saw, it looked like the Foscam camera I have. Mine doesn't connect to an third party site. I changed the port and default login accounts. My firewall blocks the standard ports. It would be extremely difficult for anyone to get control of my camera |
|
Quoted:
What do you do if your ISP provides an all in one SOHO router? Quoted:
Quoted:
Issues like these is exactly why you need at least pf running in front of your network, if not something like a PA-200 in front of your network. What do you do if your ISP provides an all in one SOHO router? static route all your traffic out to that device from your own firewall. |
|
If the cam is a WiFi cam, it doesn't necessarily have to be connected to the outside internet to be hacked.
I have lots of cams, but none of them are on the inside of my house. If someone wanted to hack my cams, all they would see is the outside perimeter of my house. They'd have a better view if they just drove up the street and looked. |
|
You would use the system to see what happened when you and your wife hired a baby sitter and went out. Then you could access the camera on your smartphone and make sure everything was the way you wanted it.
An old boss hooked up the store security cameras to the web and used to call us up and tell us to clean the store or send somebody home if it was slow and he saw people standing around. |
|
Quoted:
I have a better CCTV system in my house than some banks. And yes... I use it to check up on my kids from time to time. I make no apologies for it. Quoted:
Quoted:
If you need a baby monitor to watch your kids at home while you're at work, your kids probably shouldn't be home alone... I have a better CCTV system in my house than some banks. And yes... I use it to check up on my kids from time to time. I make no apologies for it. I worked at some CEO's house back in NJ that had at least 87 cameras they were in the bathrooms also. 
|