The FBI is investigating another case of an IoT device gone rogue after a family in Austin, Texas, called the police regarding a hacked Wi-Fi baby monitor. Although they followed the common advice for safe online activity and changed the factory password, a criminal still hacked the device.
At first, the camera, which could only be accessed via mobile, only blinked. which meant someone had logged in. However, the monitor soon started moving left and right, confirming that someone was spying on the child. The parents instantly disconnected the device from the internet and called police, who reached out to the FBI.
This is not the first case of invasion of privacy through a hacked baby monitor or an internet router. Hackers can easily exploit such devices because they come with default passwords, which few users change, and they don’t have proper encryption enabled.
Naturally, pedophiles and sex offenders are a top concern because “they can leave the mic open and you’ll never know it,” explained Mike Adams, a forensics examiner. “They can take pictures of the children, distribute and sell them.”
Some baby monitors that lack proper security are, according to Kids Savers Network, iBaby M6, iBaby M3S, Philips In.Sight B120/37 All Models, Summer Baby Zoom Wifi Monitor and Internet Viewing System, Lens Peak-A-View, Gynoii, TrendNet Wifi Baby Cam TV-IP743SIC. Their vulnerabilities include information leaks, authentication bypass and backdoor escalation problems.
To prevent such situations, users should avoid weak and default passwords and opt for complicated structures with symbols, numbers and upper and lower case letters. The general problem with IoT is that it is mostly hackable, so it would be wise to protect your entire network, including the Wi-Fi connection and router.