backtop


Print 45 comment(s) - last by sorry dog.. on Aug 19 at 5:45 PM


  (Source: BBC News)
The perils of "always on" cameras are on display in this wild story

Even as Microsoft Corp. (MSFT) tries to sell customers on its vision of monitoring their homes 24-7 with "always on" cloud cameras, such as the Xbox One's 1080p second generation Kinect sensor, a shocking tale of the dark side of cloud-connected surveillance is emerging from Houston, Tex.

The wild story -- first reported by local news outlet ABC 13 -- involves a cloud-connected baby camera which was apparently hacked by an unknown party who used it to watch and even swear at a couple's small child.

Mark Gilbert and his wife purchased the camera -- which according to Forbes piece on the incident is believed to be a Foscam wireless camera model -- to keep an eye on their newborn, who was born deaf.  For the next two years the system -- which included the ability to talk through an included speaker and the ability to move the camera via built in actuators -- seemed perfect, until last weekend when the pair was shocked to hear a stranger's voice saying sexual things to their child from the monitor.

Foscam
Foscam's cloud baby camera.

Mr. Gilbert describes:

[The stranger] said, 'Wake up, Allyson, you little (expletive).'

Allyson was born deaf, so she has cochlear implants. Thankfully, we had them off, and she didn't hear any of it and she slept right through it.

I see the camera move on us [and we pulled the plug].

As a father, I'm supposed to protect her against people like this.  So, it's a little embarrassing to say the least, but it's not going to happen again.  It felt like somebody broke into our house.

We just use it to listen.  We almost couldn't live without it.


Now the family won't be using the cloud camera any more.  After research, the shocked Mr. Gilbert discovered his router was hacked, which appears to be how the attacker seized control of the camera.  He also figured out how they figured out his daughter's name -- it was written on the wall.

The incident is eye opening as while cloud-cameras are oft scrutinized over questions of government spying, this is believed to be the first reported instance of a non-government hacker seize control of a cloud-connected camera to spy on someone.  The Foscam camera had a vulnerability which was the subject of a keynote at a hacker conference in April; Foscam released a patch quickly, but relied on users to download and install it, which many reportedly have not done.  Such vulnerabilities are expected to become more common as cloud camera hardware is sold in greater quantities and as hackers explore the products' firmware.

Source: ABC 13



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

What a #!*$ing !*!@ty Ass Intro
By Arsynic on 8/15/2013 10:08:08 AM , Rating: 4
Microsoft isn't selling the Xbox One as a home monitoring solution. It's an entertainment box that includes a sensor with a microphone and a camera.

My home security system is cloud connected and if I had a weak password, anyone could "hack" into it and disarm my system, turn on the motion sensors and wreak havoc.

But this irrational fear isn't enough to scare me away from it. It's just too damn convenient.




RE: What a #!*$ing !*!@ty Ass Intro
By kleinma on 8/15/2013 10:58:34 AM , Rating: 3
The bottom line is this guys router was 'hacked', which probably really means this:

Guy has wireless router with no WPA2 security setup. Even if he had WEP, it is easily defeated in a short period of time. Also had default router admin password of admin/admin or admin/password making it very easy for someone to access the router and look at the connected devices on the network. From there it is just a matter of connecting in the browser to each local IP that gives a pingback to see if it has a web interface (virtually all network connected printers, webcams, etc have built in webservers).

This doesn't even sound like it is a cloud issue at all. Unless the guy forwarded a port in the router so he could remote access via the WAN IP, he was probably connecting to their wifi everytime to do this, so he was probably a neighbor.


RE: What a #!*$ing !*!@ty Ass Intro
By vol7ron on 8/16/2013 8:50:22 PM , Rating: 1
To be honest, WPA2 is quite easy to hack as well


By sorry dog on 8/19/2013 5:45:19 PM , Rating: 2
Maybe but maybe not. There are more than a few routers out there with firewall weaknesses... in fact I would guess it is a remote hacking in this case.


RE: What a #!*$ing !*!@ty Ass Intro
By Schrag4 on 8/15/2013 12:45:28 PM , Rating: 4
quote:
But this irrational fear isn't enough to scare me away from it. It's just too damn convenient.


I've said it before on this site. People will gobble up anything that provides any level of convenience, even if it opens them up to being spied on. I don't get it.

Quick question: If the NSA admitted that they were using connected home security systems like yours to keep tabs on people in their homes (not suspects, just whoever they can), would you keep it connected?


RE: What a #!*$ing !*!@ty Ass Intro
By Schrag4 on 8/15/2013 12:57:56 PM , Rating: 3
...and before you say you can secure your router, etc, what if the NSA or other agencies worked with router manufacturers, Microsoft, etc to give them back-doors? Weren't US companies providing this for the Chinese govt? Would you really put it past our federal government, given all that's been revealed in the last several months? (think Verizon for starters)

I suppose you have nothing to hide, and you'd be right...for now.


RE: What a #!*$ing !*!@ty Ass Intro
By vol7ron on 8/16/2013 8:52:55 PM , Rating: 3
The thing is, MS is one of the companies that tends to put up a fight for individual rights - one of the other companies (eg Apple) historically haven't fought "as hard"


RE: What a #!*$ing !*!@ty Ass Intro
By Reclaimer77 on 8/15/2013 2:40:02 PM , Rating: 1
quote:
It's an entertainment box that includes a sensor with a microphone and a camera.


Yes that could potentially leave you open to privacy abuses. Which was the point of the intro.

Not sure why you have a problem with it, I thought it was well done

quote:
My home security system is cloud connected and if I had a weak password, anyone could "hack" into it and disarm my system, turn on the motion sensors and wreak havoc. But this irrational fear isn't enough to scare me away from it. It's just too damn convenient.


Hyperbole.

There's no way to "password" your Xbox Kinect. It's going to be listening and watching ALL THE TIME. That's being just a *bit* too trusting don't you think? I don't think it's being irrational to question the need for your game console to behave in such a manner.


RE: What a #!*$ing !*!@ty Ass Intro
By NellyFromMA on 8/15/2013 3:13:42 PM , Rating: 3
Didn't Microsoft just retract this and say Kinect will not be required for system operation? Might as well provide the most accurate information, no?

Also, the article is about a baby monitor that was internet enabled and became hacked, as all things with remote access can be, password or not. Microsoft didn't make the baby monitor, so it seems like someone was just eager to feature an MS rant in the article more than a legitimate segway (which it couldn't even segway into because it opened up with it, somewhat awkwardly even)

Finally, I highly doubt this is the first reported incident of someone's home surveillance being hacked. Maybe Jason was just hitting the sauce today?


By ClownPuncher on 8/15/2013 3:26:31 PM , Rating: 2
Yes, the Kinect 2.0 is not required anymore.


RE: What a #!*$ing !*!@ty Ass Intro
By Reclaimer77 on 8/15/2013 3:36:52 PM , Rating: 1
quote:
Didn't Microsoft just retract this and say Kinect will not be required for system operation? Might as well provide the most accurate information, no?


Hell every goddamn day it seems Microsoft is making some statement, changing some plan, about the new Xbox. If they did change the Kinect requirement too, I guess I just forgot. My bad I guess.

Maybe people having real concerns about privacy had something to do with that change? Just a bit?

quote:
Microsoft didn't make the baby monitor, so it seems like someone was just eager to feature an MS rant


No, it seemed like someone was making a larger statement about connected devices in our ever-increasing 'cloud' dependency, and used this baby monitor story as a bridge to THAT. What's the problem?


RE: What a #!*$ing !*!@ty Ass Intro
By Piiman on 8/17/2013 2:52:21 PM , Rating: 2
Why is everyone pointing at MS about its camera? There have been cameras in laptops and PC's for years. But now all of a sudden if MS has one on the Xbox it's a spy tool for the NSA? My God!

"this is believed to be the first reported instance of a non-government hacker seize control of a cloud-connected camera to spy on someone"

This makes it sound like it’s a common and known fact the Government hacks home cameras. Can someone point me to a story that confirms even a single government hack of a camera in someone home?

I hope all you paranoid loony tones put tape over you phone cameras, lap top camera and web cams and get off the Internet also. No network to home no hacking, simple.

I also hear the government can see you though your TV so watch out! LOL


who does this?
By BRB29 on 8/15/2013 9:04:39 AM , Rating: 5
This is not even something to be proud of lol. This is just plain weird and creepy.

Why can't people just hack MS servers and give away free Office/Windows Keys.




RE: who does this?
By Piiman on 8/17/2013 2:53:28 PM , Rating: 2
What does this even have to do with MS?


Is the "Cloud" Safe?
By tng on 8/15/2013 8:45:31 AM , Rating: 2
So the hacker got in through a vulnerable router and this guy probably didn't have passwords setup, but really can you trust all of the cloud connected devices?

I mean, there are just so many people out there that will hack something just to prove that they can do it.

I have some cloud connected light switches in my house so I can control them with my phone when I am gone, but having someone looking at inside of your house? Creepy.




RE: Is the "Cloud" Safe?
By tastyratz on 8/15/2013 9:06:49 AM , Rating: 2
cloud is a fancy catchphrase way to say available by server so yes, yes you can trust them when you follow best practice and use an appropriately secured server. He probably did just have an open wifi connection and someone was wardriving - probably nothing to do with the camera or the "cloud" it was on.


IP Camera on unsecured router
By Ristogod on 8/15/2013 10:57:42 AM , Rating: 1
It doesn't sound to me like any cloud service was hacked, but rather the parents left their own devices unsecured. Their fault.




By jklauderdale on 8/19/2013 9:19:16 AM , Rating: 3
So if a car doesn't have an alarm it's the owner's fault someone popped the lock and rummaged through it?

I'll agree that they should have secured the device and their network better but it's not the parents' fault some sick fk invaded their privacy and was getting off watching their 2yr old daughter.


Reality check
By Monkey's Uncle on 8/15/2013 11:07:46 AM , Rating: 2
Have you ever looked at the installation instructions for these devices. Very seldom do they provide complete instructions for securing the devices -- only the bare minimum needed to in stall them.

Routers, cloud cameras and other such devices are set up to be installed by complete techno-noobs because not everyone out there has a degree in computer science or even high-school level education in networking.

A case in point is one day I looked at a list of the wireless networks around my house and noticed my neighbor's wireless was unsecured. Knowing the default IP addresses, user id's and passwords for most of the consumer routers out there, within seconds I was into this neighbor's router admin page. I walked over to the neighbor's house with these and explained exactly what I could have done to his network (i.e. locking them out of it and giving myself exclusive godlike control of it as well as snooping on anything they do).

To say they were shocked is an understatement. I left that neighbor with detailed instructions on how to secure his network and keep people less honest than myself out of it.

Bottom line: Routers, webcams, cloud monitoring are all purchased and installed by normal people that are not always technically adept. The install instructions are extremely simple and only go so far as installing the device, not securing it. I am not blaming the owner for being a techno-dweeb. I am blaming the manufacturer of the router and cloud camera for not providing sufficient instruction on securing the owners from unwanted intrusion.





By jimbojimbo on 8/15/2013 11:22:28 AM , Rating: 2
Do any of you own any IP cameras? All the Foscam cameras I've had have web access but none have SSL. If anybody sets up their camera so they can access it remotely a simple traffic sniffer will dig up its address and credentials. Simple as that. All these IP camera offerings seriously needs SSL. I'm certain most people are completely incapable of setting up a SSH server to use to tunnel to their cameras which is essentially what they'll need. I guess they can use stunnel as well to try to hide their credentials but then they'll have to watch their certificate as well.




What isnt said...
By Lord 666 on 8/15/2013 11:47:42 AM , Rating: 2
Is the creep is more than likely a neighbor that got into the router via WiFi.




Since when does ddns = cloud?
By martyrant on 8/15/2013 1:59:04 PM , Rating: 2
^

I have a few of the Foscam's and I don't see how they are a "cloud" solution.




Cloud Connected?
By NellyFromMA on 8/15/2013 3:30:05 PM , Rating: 2
Um, are we just saying everything that is connected to the internet is likewise connected to the cloud now? I guess every technical person that I know equates cloud-services to dynamically-clustered environments (often virtually-spun up) that dynamically scale-out to load demand, providing services to clients / devices. Yet, this article basically just generically implies this guys internet enabled device was accessed by exploiting his router on his private LAN somehow means it was 'cloud enabled just like the kinect' which does NOT equate to a cloud service at all at in this instance.

DT has turned into a regular max fail when it comes to, well, tech...

They sure didn't fail to take a stab at MS and the XB ONE though...

Can you at least get the tech stuff right first?




router hack?
By DocScience on 8/15/2013 3:59:05 PM , Rating: 2
The device operates in port forwarding mode, so outside of router NAT space, an open door to the outside.

The device is also a trusted local lan member, so IF the router had no password or default password, you come in through the forwarded port and access the router via local lan completely normally.

Moral of the story, lock all doors.




By NesuD on 8/16/2013 8:22:40 AM , Rating: 2
I bet neither the wireless ap or the camera was properly secured.




By overlandpark4me on 8/16/2013 1:00:52 PM , Rating: 2
they never locked their wifi down, never changed the default pw, and bingo...




Aren't we all missing a point?
By Richlet on 8/19/2013 8:32:28 AM , Rating: 2
Point being, what kind of sick POS does something like this? This is the culture we computer nuts are cultivating? Who talks sex to a baby, and thinks it's actually funny? It's not, it's disgusting. I'm waiting to see which person on this forum actually *defends* doing this and saying it's MS's fault it ever happened. A sick mind finds a way.




Not a 'router' problem.
By half_duplex on 8/15/13, Rating: 0
arthurt1johnson
By arthurt1johnson on 8/16/13, Rating: 0
ANd in another note
By Dr of crap on 8/15/13, Rating: -1
RE: ANd in another note
By vortmax2 on 8/15/2013 11:12:30 AM , Rating: 2
Really? Can we agree that it wasn't a good thing to do...hacking into someone's network and cursing their little child? Do there have to be all these 'levels' of bad so we can overlook the 'not so bad' stuff?

What's bad is bad...period.


RE: ANd in another note
By jimbojimbo on 8/15/2013 11:31:02 AM , Rating: 2
Anybody that is so bored that they think swearing at a child is funny obviously has no morals and will do absolutely anything they think they can get away with. He needs to be eliminated for the bettering of society.


RE: ANd in another note
By NellyFromMA on 8/15/2013 3:16:18 PM , Rating: 3
Eliminated? Really? These forums are wild, really.


RE: ANd in another note
By flyingpants1 on 8/16/2013 12:28:57 AM , Rating: 2
You're next.


RE: ANd in another note
By TSS on 8/16/2013 4:14:44 AM , Rating: 2
Naw they're not wild, just amuzing.

After all where else are you going to find a guy claiming that a person breaking into a cloudbased webcam "has no morals", yet that same guy is fine with killing another human being for just breaking and entering (if that) in the very next sentance.

Know why that's amuzing? No edit button.


RE: ANd in another note
By NellyFromMA on 8/19/2013 1:21:32 PM , Rating: 2
Hahaha, very true.


RE: ANd in another note
By Sazabi19 on 8/16/2013 8:38:02 AM , Rating: 2
*Handbanana* Tonight.... you.


RE: ANd in another note
By kleinma on 8/15/2013 11:55:39 AM , Rating: 3
spoken like someone who is not a parent.

When you have kids, and some stranger is talking to them over the baby monitor saying who the hell knows what, we will see if you have the same opinion. On the other hand, maybe you should not be allowed to reproduce.


RE: ANd in another note
By Dr of crap on 8/15/13, Rating: -1
RE: ANd in another note
By kleinma on 8/15/2013 12:20:56 PM , Rating: 2
So if you found out that for some unknown amount of time, a stranger has had full video access to your kids rooms, and was saying who the hell knows what to your children, you just would think that was fine and dandy?


RE: ANd in another note
By Dr of crap on 8/15/2013 1:27:49 PM , Rating: 2
You use a monitor, called "baby" monitors for - babies, so first they can't communicate, second you use them when they are sleeping.
Yes I agree someone "peeping" in on your home is a bit creepy, but can we stop the sensationalism of it. The kid wasn't touched.

Like I said disconnect it and get a "real" monitor that doesn't or need to be web connected. Why would you NEED web ability? Do you plan and leaving you infant alone and leave them home alone?


RE: ANd in another note
By kleinma on 8/15/2013 1:38:52 PM , Rating: 2
"baby" monitors can be used for years. Parents will often use monitors until the child is a few years old, at which point the child can cetainly speak and can easily learn words. This isn't about "web" ability, although you are totally wrong in your assumptions. I guess with your 2 kids, you never, ever had a babysitter or relative come over to watch your kid and put them to bed so you could go out. While you are out maybe you would want to check on the monitor. However that isn't even the point. The more likely use for this "connected" monitor is that it is not exposed out to the web, but it becomes accessible by ANY device with a webbrowser on your local closed network. No need to buy monitor/receiver when your PC/laptop/ipad/phone can be the receiver.


RE: ANd in another note
By ven1ger on 8/15/2013 3:53:11 PM , Rating: 2
Your defense of a pervert is somewhat disgusting. It isn't just creepy, it's an invasion of one's privacy. If a person is willing to do something like this, then who's to say that the person isn't do worse things.

Let's not forget about some laptops that have cameras and that have security software that spies on the individuals, I guess that is okay too if they are peeping at you through this because it's just creepy but you're not being touched. The FBI virus that utilizes your webcam to take a snapshot of yourself to include in the virus attack, is another way of capturing images, imagine if there was a virus that infected your computer and turned your webcam into a view for the entire internet community to view, I guess it's just creepy but you're not being touched so no harm done.

Anyone that wants to defend this sort of practice whether or not someone is harmed or not is just sick. I hate to imagine if this was one of those nanny cams that was hidden away in a teddy bear or something and it started swearing at a child that didn't have a hearing disability, the child could have trauma of stuffed animals for a long time. But they haven't been touched so I guess it's not bad.

Then to insinuate that the parents did something is in itself just as sick. Every parent makes decisions they hope will protect their child, some may not have been good ideas, after the fact, but there is no way to 24/7 watch your kids. The parents tried to do the responsible thing, put a baby monitor in their child's room so they could monitor their child when the child is sleeping, just like countless number of other parents do, I never did but I don't lay the blame on the parents for this.

Don't try laying a guilt trip on the parents, the fault lies with the perp., its sad to say that we have to protect our kids from perps like that but it is also just as bad to have people defending perps like that.


RE: ANd in another note
By amanojaku on 8/15/2013 4:16:39 PM , Rating: 2
quote:
Yes I agree someone "peeping" in on your home is a bit creepy, but can we stop the sensationalism of it. The kid wasn't touched.
Yet. Or is it OK for someone to someone to stand in the bushes and just look in the windows, because he isn't touching?
quote:
Why would you NEED web ability? Do you plan and leaving you infant alone and leave them home alone?
You never heard of babysitters? Sometimes you want to check on them.

I'm not a parent, and even I know this.


RE: ANd in another note
By Reclaimer77 on 8/15/2013 2:46:30 PM , Rating: 1
As if we needed more proof you are a total worthless (expletive), you post this?

If it has to be explained to you, which apparently it does, why this is "bad" - you don't deserve to draw breath.


"We’re Apple. We don’t wear suits. We don’t even own suits." -- Apple CEO Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki