Foscam firmware was found to be vulnerable in the past

Apr 22, 2015 18:07 GMT

Attackers took control of a wireless IP camera manufactured by Foscam, set up as a baby monitor, and used it to spy on a 3-year-old and his parents, following them in the room as they moved.

With IP cameras reaching an increasing number of homes, the risk of having them compromised also increases, especially if they are not secured with a strong password.

However, the couple says that they had protected the wireless camera as per the instructions received from the manufacturer, and that the device was hacked despite this security measure.

Attackers talked to the baby

Initial warnings that something was wrong came when their son told them that someone was speaking to him over the “phone” at night, although, given his age, he could not properly explain what happened.

The haze lifted when they heard a man saying “Wake up, little boy, daddy’s coming for you” and the camera started to follow them in the room, KIRO 7 reports.

Foscam was contacted by the parents for an explanation, and the company told them that “it was possible that someone, somewhere, hacked into the system and were controlling it with a laptop or a smartphone app.” The manufacturer also added that there is no way of learning the identity of the perpetrator or their location.

This is not quite true, as Foscam cameras come with logging capabilities that could reveal at least whether a connection originated from an unauthorized IP address, thus proving the attack.

Company claims new firmware has no known security risks

The devices sold by Foscam have a history of being vulnerable, with multiple security researchers pointing out security flaws and methods of gaining access to sensitive data, such as access credentials, in plain text.

The maker says in a notification on its website that it fixed all the vulnerabilities in the firmware powering the devices and that there are no known security risks as of April 17, 2015.

Moreover, Foscam claims that the latest firmware for its cameras includes “protection against various types of online hacking and unauthorized access.”

It is unclear if the parents had updated their monitoring device with the latest firmware version.

As a side note, we tried to contact Foscam via the support chat for details about the capabilities of their devices and when certain security measures were implemented in the firmware, but we gave up after being passed to Kenneth, Calvin, Walter and Samuel (during the same session) and none of them responded back.