Let’s say you use a wireless Foscam IP camera as a baby monitor and as you are trying to go to sleep at night, you hear “strange music” coming from the baby’s room. That’s what happened to a family in Rochester, Minnesota. When the mom went into the baby’s room to investigate the eerie music, “the music turned off.” Is it a haunting? No, it’s a hacker and a hijacked wireless Foscam IP camera/baby monitor.
It didn't happen just once an unnamed mom told KTTC. "We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room the music turned off." At one point, the family faced the camera "toward the wall, and then a few hours later we accessed the Foscam, and it wasn't facing the wall it was facing the closet."
“We were able to track down the IP address through the log files within the Foscam software and found out that it was coming from Amsterdam,” the mom said. “That IP address had a web link attached to it.” After following the link, she found, “at least fifteen different countries listed and it's not just nurseries -- it's people's living rooms, their bedrooms, their kitchens. Every place that people think is sacred and private in their home is being accessed.”
After searching through “thousands and thousands” of pictures coming from IP cameras, the family saw their nursery. “You can literally just sort by whatever country suits your fancy, and whatever room suits your fancy,” the mom said. “It's pretty sick.”
But this baby cam “hack” involved more than viewing inside a baby’s room, more than “strange” music playing or even a voyeur screaming or cursing at a baby. In February, there was yet another story about a hacker hijacking a wireless Foscam baby monitor and then talking to make his virtual intrusion known; it “freaked out” the nanny. In the newest baby cam hack case, the Minnesota mom said, "We faced it [Foscam nanny cam] toward the wall, and then a few hours later we accessed the Foscam, and it wasn't facing the wall; it was facing the closet."
At that point the family disconnected and removed all cameras. KTTC asked the family to plug in the camera for the news story, but reported that “in the short time they had the camera up, and us in there, pictures from their crib that day were already on the Internet an hour later. The family is now convinced the website automatically knows when the cameras come back on.”
Rochester Police told ABC 6 News that people using in-home cameras should understand the technology and change the default password. ABC News picked up the story and asked Robert Siciliano, an online safety expert to Intel Security, how to thwart nanny cam hackers.
“I recommend registering your devices with the company that provides it to you. That means if they discover a vulnerability, they will usually ping everybody's email and let them know they need to update their device,” Siciliano said. He also advised setting up “a Google alert” for the brand of camera you use “and if a researcher publishes a report that says, 'Hey I discovered this is vulnerable,' you may find out before the manufacturer does."
Of course Siciliano said the default username and password should be changed; home Wi-Fi should be encrypted and the camera’s firmware should be kept updated. Foscam added that its “cameras have embedded logs which allow you to see exactly which IP addresses are accessing the camera. You will be able to tell if an outsider has gained access to your camera.”
If you use wireless IP cameras, then you should check those logs. “If you can access it outside the home, it’s definitely possible for someone else to access that camera as well,” John Olson of Miracle Computers told WCCO.
Please take steps to guard your privacy and safeguard your security camera, or else the next baby cam hacking story might be about your family.