Hacker spies on and insults toddler in bed via baby monitor

A Texas family were horrified by an apparent hacker attack in which a criminal was able to spy on their two-year-old daughter and insult her through an internet-connected webcam.

Marc Gilbert said that he heard abuse spoken through the webcam, and saw it move. The hacker had learned his daughter’s name by using the motorized camera to read it from a display on the bedroom wall, Gilbert said. Gilbert immediately disconnected the camera system. He believes that the attacker hacked into his router and the camera itself.

“It felt like somebody broke into our house,” Gilbert told Fox News. “He said, ‘Wake up Allyson, you little [expletive]. As a father, I’m supposed to protect her against people like this.”

Gilbert says he aims to educate other parents about the risks of such connected devices.The security of “smart” home gadgetry and the “internet of things” has been under a a spotlight after a series of attacks demonstrated by security researchers.  At the recent Black Hat security conference in Las Vegas, researchers showed off hacks that could affect “connected” devices such as televisions, door alarms and toilets.

This week, researcher Nitesh Dhanjani demonstrated an attack on a popular “connected” lighting system sold in Apple Store, the Philips Hue, which could be hacked to cause a “perpetual blackout” in the homes of users.

“By 2022, the average household with two teenage children will own roughly 50 such Internet connected devices, according to estimates by the Organization for Economic Co-Operation and Development,” Dhanjani said “Our society is starting to increasingly depend upon IoT devices to promote automation and increase our well being. As such, it is important that we begin a dialogue on how we can securely enable the upcoming technology.”

Author , We Live Security

  • random

    How is this possible and how did the hacked learned all those stuff?

    • There doesn’t seem to be enough real information available on this incident to tell exactly what happened.

    • David

      My guess is they either didn’t set a password on the webcam, or used an easy to guess password on the admin account. I doubt any real hacking was done on the webcam/router itself. This is assuming the family already had the port forwarded. If not, then they likely got hacked by the router exploit (default admin password for the router admin with a dynamic DNS + apache server from the exploiter).
      Either way, it boils down to simply changing your default passwords.

    • Nick Vitiello

      Owner never changed the default username/password and searched for the service banner on a site like shodanhq.com.

      Maybe the IP address was DMZ’d so the parents could access it remotely.

Follow us

Copyright © 2017 ESET, All Rights Reserved.