Hacked Baby Monitor Caught Spying On 2-Year-Old Girl

http://www.huffingtonpost.com/2013/08/13/hacked-baby-monitor-houston-texas-parents_n_3750675.html

Allegedly it was a Foscam wireless camera with a firmware vulnerability that can be exploited via a number of methods. A patch was released to address the issue.

Pretty tough to guard against this type of thing. Always use a well-established, trusted brand, and a model that has been used in the market for a while. And while you're at it, make sure you home network is secure...

How to Secure Your Home Network - howstuffworks
How to Make Your Home Network More Secure - lockergnome
How to secure your home Wi-Fi network - PCWorld
How Secure Are You Online: The Checklist - LifeHacker
Secure Your Home Wi-Fi Network - LifeHacker

 

Why would you put a baby monitor online?

Leaving your baby alone, even if you can watch remotely, is stupid and illegal. And leaving your baby alone with someone who you need to monitor also seems unwise.

 

Wait, so baby monitor companies have been helping people break the law for over 80 years? And no one has ever been arrested for it?

 

I meant "alone" like "not in the same house" rather than "not in the same room" Some people live in very large houses, I know. But

 

The parents weren't using it remotely. The article mentions he just walked down the hall to get to the room; they couldn't have been very far away since the voice woke them up.

I think they just connected it locally and didn't realize it was exposed to the internet.

 

People need to take a good hard look at their reasons for wanting/using remote monitoring equipment for babies and small children. They're a 2nd rate substitute for real human attention and monitoring.

 

Baby monitors are fine. Just make sure to encrypt them with AES, only connect known MAC addresses and of course shield your new born babies room with a Parabolic Faraday Cage. I am father of the year, nothing is too much for Justin Timber-lake Gonzales III.

 

That makes absolutely no sense. None of that will do anything when there's a hole in your firmware.

You're falling into the infamous "50ft stake in the ground" fallacy. (Others use the "vault door on a tent" analogy.)

None of these things do much good when the rest of your apparatus is negligible or non-existent. The enemy is just going to go around them.

 

Schneier's take: