Welcome to the Internet of Creepy Things.
A man hacked into an Internet-enabled baby monitor in a home in Cincinnati, Ohio, and started screaming “Wake up baby!” at a 10-month-old girl.
Heather Schreck was asleep around midnight in her Hebron home when a voice startled her.
“All of a sudden, I heard what sounded like a man’s voice but I was asleep so I wasn’t sure,” Heather said.
Disoriented and confused, Heather picked up her cell phone to check the camera in her 10-month-old daughter Emma’s room. The camera was moving, but she wasn’t moving it.
“About the time I saw it moving, I also heard a voice again start screaming at my daughter. He was screaming, ‘Wake up baby. Wake up baby.’ Then just screaming at her trying to wake her up.”
That’s when Heather’s husband, Adam, ran into Emma’s room. Adam said the camera then turned from his petrified daughter to point directly at him.
“Then it screamed at me,” Adam said. “Some bad things, some obscenities. So I unplugged the camera.”
But the Schrecks were only beginning to plug into the truth of what had just happened.
“Someone had hacked in from outside,” Heather said.
So how many other times had someone hacked into their camera and watched their baby through their Foscam IP Camera.
Foscam, the maker of the monitors hacked in both incidents, sells devices for around $200 that allow parents to keep an eye on their kids remotely through their smartphone or an Internet browser.
“Updating firmware is extremely important, especially if the devices in question are more than six months old,” Foscam wrote in a statement to NBC News. “In the case of the Schreck’s camera in question, it was a three-year-old model and needed a firmware update.”
Foscam recommended that people update their firmware and change their default password. The company also pointed out that “being hacked is not exclusive to Foscam. All devices connected to the Internet run the risk of being hacked.”
It’s not exactly a brilliant hack. Using widely available programs like Shodan, people can scan public IP addresses and find webcams that are externally accessible. Many manufacturers use default username/password combinations such as “admin/admin” that customers are supposed to change to remotely access their webcams, but consumers, including major corporations, don’t always get around to it.
“The manufacturers know that there are things that they can do to make their devices more secure,” Geise sad. “But really it comes down to them trying to make it as easy as possible for their customers to use the device.”
That means simply choosing any password at all — preferably something better than “1234546” — can help stymie hackers who have nothing better to do than yell at other people’s babies.
This stuff hapens all the time. Who is to blame? Customers that don’t know or vendors that don’t care? If you can control your home cameras, garage door, and toaster from work, someone in China probably can too.