
'I'm in your baby's room': Nest cam hacks show risk of internet-connected devices

  

Category:  Health, Science & Technology

Via:  perrie-halpern  •  6 years ago  •  24 comments

The breaches also point to a new hacking strategy that can compromise secure systems through the use of old passwords.

SEEDED CONTENT

By Elizabeth Chuck and Jason Abbruzzese

The man’s voice came through the Nest camera of Houston mother Ellen Rigney just before midnight.

“I’m going to kidnap your baby. I’m in your baby’s room,” the voice said, Rigney told NBC affiliate KPRC in Houston earlier this week.

Rigney and her husband dashed in to check in on their 4-month-old, Topper, who they keep an eye on overnight with a Nest cam that doubles as a baby monitor. They found Topper sleeping peacefully in his crib, alone in his nursery.

That’s when the couple realized a hacker had gotten through the camera’s security.

Rigney’s story is not unique. Over the summer, Gabby Nader, a mother of three, “literally ripped” a Nest camera out of her nearly 2-year-old’s room in Upper Makefield, Pennsylvania, after the little girl pointed at the device and said a man had been talking to her through it, Nader told NBC News.

Meanwhile, in October, Alexandra, a mother of two from Tenafly, New Jersey, who asked to be identified by first-name only due to privacy concerns after her family’s experience, said what sounded like a group of teenagers started speaking through the camera, which she keeps in the living room to check in on her two young kids and their nanny.

“It was around 1 a.m. and my husband heard voices talking through the camera. They could see him and they started cursing at him,” she said.

“We felt unsafe, unsecure,” she said. “You never know who the heck is watching your kids and your house.”

The hacks exemplify the growing risks faced by consumers who are putting more internet-connected devices in their homes. A survey from March found that a third of U.S. consumers own two or more so-called smart home devices.

The Nest hacks also point to an emerging strategy from malicious hackers called “credential stuffing,” in which usernames and passwords from previous data breaches are used to access otherwise secure systems.

MORE DEVICES, MORE RISKS


Headlines dating back at least five years have documented other instances of hackers accessing wifi baby monitors, but a recent rash of hacks has brought renewed attention to the issue.

Earlier this month, Arizona real estate agent Andy Gregg experienced a similar but far less nefarious Nest hack. A person who identified himself as a “white hat” — a friendly hacker who exposes security vulnerabilities so that they can be patched — began speaking to Gregg through his Nest cam, informing him he should take security precautions such as setting up two-factor authentication because “there’s so many malicious things someone could do with this.”

Gregg was able to record video of the interaction with the hacker, Hank Fordham — whom Gregg put in touch with NBC News.

“The method that we use here isn't particularly sophisticated, and that's the big problem,” said Fordham, an independent security researcher.

Fordham said he was able to hack Gregg’s camera using credential stuffing. In that method, easily accessible databases of usernames and passwords from previous data breaches are put into an automated system to look for accounts that reuse their credentials.

Fordham said credential stuffing has grown in popularity in hacking circles, leading him to look for ways to bring it to the public’s attention. (You can find out if you have been compromised by going to HaveIBeenPwned.com and entering your email address.)

Read more at the seeded content
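How a service operator might spot the credential-stuffing pattern the article describes (many accounts tried once or twice each from one source) and tell it apart from repeated guessing against a single account. This is an added example, not part of the seeded article; the log format, addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log: "<epoch> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
1000 203.0.113.7 alice@example.com FAIL
1001 203.0.113.7 bob@example.com FAIL
1002 203.0.113.7 carol@example.com OK
1003 203.0.113.7 dave@example.com FAIL
1004 203.0.113.7 erin@example.com FAIL
1005 198.51.100.4 frank@example.com FAIL
1006 198.51.100.4 frank@example.com FAIL
1007 198.51.100.4 frank@example.com FAIL
1008 198.51.100.4 frank@example.com FAIL
1009 198.51.100.4 frank@example.com OK
1010 192.0.2.9 grace@example.com OK
"""

def parse(log):
    """Yield (timestamp, source_ip, username, success) per log line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield int(ts), ip, user, result == "OK"

def classify_sources(log, window=60, min_users=4, max_tries_per_user=2):
    """Label each source IP and list accounts it logged in to successfully."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log):
        by_ip[ip].append((ts, user, ok))
    report = {}
    for ip, events in by_ip.items():
        start = events[0][0]  # fixed window starting at the first event seen
        recent = [e for e in events if e[0] - start <= window]
        tries = defaultdict(int)
        for _, user, _ in recent:
            tries[user] += 1
        failures = sum(1 for _, _, ok in recent if not ok)
        if failures and len(tries) >= min_users and max(tries.values()) <= max_tries_per_user:
            label = "credential_stuffing"  # many accounts, one or two tries each
        elif failures >= min_users and len(tries) == 1:
            label = "password_guessing"    # one account, many tries
        else:
            label = "normal"
        # A success from a flagged source means that password should be reset.
        hits = sorted({u for _, u, ok in recent if ok}) if label != "normal" else []
        report[ip] = {"label": label, "accounts_to_reset": hits}
    return report
```

A per-account lockout counter never fires on the first source, because no single account sees more than one failure; counting distinct usernames per source is what exposes it.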


 
Perrie Halpern R.A.
Professor Expert
1  seeder  Perrie Halpern R.A.    6 years ago

To those of you who had your reservations about these devices, you were right. If you were thinking of getting one, you might want to give it a second thought. And to those of you who have one, I hope you read on to learn how to protect yourself. 

Big brother is watching.. or at least some scary people. 

 
 
 
Citizen Kane-473667
Professor Quiet
1.1  Citizen Kane-473667  replied to  Perrie Halpern R.A. @1    6 years ago

Thanks Perrie! I followed the pwned link and found my "disposable" email address has been leaked at least 9 times. It's the one I use for surfing and signups that are required to enter sites that I really don't care about. The passwords for those sites are weak and nowhere near what I use for my financials, but it was interesting to see some of the "secure" sites that people would think guard their info well are some of the ones that were hacked!

 
 
 
zuksam
Junior Silent
1.3  zuksam  replied to  Perrie Halpern R.A. @1    6 years ago
To those of you who had your reservations about these devices, you were right.

I'm much too paranoid to have devices like that in my home, I would like a connected thermostat but I won't get one. I was over my buddy's house and he called out "Alexa turn on Christmas Music" and I got this creepy feeling from knowing that that device was listening to every word we said. I guess I've watched too many movies in my life about the horrors of "Big Brother" but I know enough about our Government to know if they can't already use Alexa to listen in they are hard at work trying.

 
 
 
igknorantzrulz
PhD Quiet
1.4  igknorantzrulz  replied to  Perrie Halpern R.A. @1    6 years ago
Big brother is watching.. or at least some scary people.

Take a Good Look Brother

I've built and planted Nest's all throughout my humble abode.

The living room, the dying room, the dining room, the starving room, the dark room, the heavy room, the light room, the bedroom , the bath salts room, the creepy run out closet adjacent to the walk in microwaving  goodbye room located directly above the wrecked room housing the sex dungeon that makes Billy & Zed(N Gimp) Blush with multiple No Hope chests filled with tight Black shiny skintight leather n laced ball gagged beauties complete with Cialice and Chains themed colorful executioner hoodz, to match the chainz that bind, like cheese, but lactose free, when you Bi n wear two....but, i digress.

,

when theses cameras come with face recognizing technology, and some do as i do have one with this feature, though they can be fooled by the hoodz, it should make one question, do i really need to give up my complete privacy....? or in my case, check out this happy f'n face thats in yours, cause lil ole big young brother mother fricken another while current flows through gator clipped raviola areolas connected to utters,

whose really embarrassed.............,,,,,,,,,,not Cindy lew Who ewe think should

cause i would

F i only could 

but Y...............................................................................?

wouldn't i

 
 
 
SteevieGee
Professor Silent
1.5  SteevieGee  replied to  Perrie Halpern R.A. @1    6 years ago
To those of you who had your reservations about these devices, you were right.

A few years ago MrsGee bought me an alexa thing but I sent it back.  She said it only does things when you say alexa but I know that it's always listening.

 
 
 
tomwcraig
Junior Silent
1.6  tomwcraig  replied to  Perrie Halpern R.A. @1    6 years ago

ALL Internet devices are hackable.  Your iPhone, Galaxy, tablets, computers, baby monitors, your car, etc. are all hackable.  I bet most of you didn't think about your car being hackable.  Most vehicles are run by computer, when your low tire pressure monitor goes off, it is a wireless signal being sent to the car's computer.  Then, on top of that, you have the ability to pair the audio system with your Bluetooth devices and possibly plug in an MP3 player.  All of which can be hacked.  Ways that people can hack your phone are through Bluejacking and Bluesnarfing, evil twin wireless access points, emails, etc.

Ways to defend everything: make sure everything you can update IS updated and change your password every 30 to 72 days and don't use an old password for more than a year.  Also, make sure, when possible, that you are using a password that is not made up of common words, is at least 8 to 10 characters long, uses a combination of upper case, lower case, numbers, and symbols, and most importantly, NEVER save your passwords on your computers with internet access.

 
 
 
Dean Moriarty
Professor Quiet
2  Dean Moriarty    6 years ago

Reminds me of when I was a kid and we had a party line. I could listen to my neighbors' phone conversations and they could listen to ours.

 
 
 
lennylynx
Sophomore Quiet
2.1  lennylynx  replied to  Dean Moriarty @2    6 years ago

Do you think this might be the 'Deep State'??

Merry Christmas Deano.

 
 
 
Jasper2529
Professor Quiet
2.2  Jasper2529  replied to  Dean Moriarty @2    6 years ago
Reminds me of when I was a kid and we had a party line. I could listen to my neighbors' phone conversations and they could listen to ours.

Somewhat, but back then, we knew who shared the phone line with us. Today, it's more nefarious, because it could be anyone, any company, and any government (including the USA).

 
 
 
tomwcraig
Junior Silent
2.3  tomwcraig  replied to  Dean Moriarty @2    6 years ago

What you are describing is called "Crosstalk".  It is when signals jump from one wire to another.  There are two types: Near end Crosstalk and Far end Crosstalk.  Near end Crosstalk is where the signal jumps wires nearest the origination point.  And, Far end Crosstalk occurs farthest from the origination point.  The main reason it occurs is that unshielded wires without enough twists (if paired) radiate the electrical pulses going through them.  There is actually one type of wiring/cable that is immune to Crosstalk, and that is Fiber-optic.

 
 
 
Dean Moriarty
Professor Quiet
2.3.1  Dean Moriarty  replied to  tomwcraig @2.3    6 years ago

No, we had an actual party line.

 
 
 
tomwcraig
Junior Silent
2.3.2  tomwcraig  replied to  Dean Moriarty @2.3.1    6 years ago

If they were implemented correctly, you wouldn't have heard other conversations on the party line.  Hearing other people on your call(s) was via Crosstalk or a lineman's butt set.

 
 
 
Dean Moriarty
Professor Quiet
2.3.3  Dean Moriarty  replied to  tomwcraig @2.3.2    6 years ago

No, there were different ring patterns for the different phone numbers but the phone would ring at our house when the neighbors got a call and vice versa. When you made a call you would first pick up and listen to see if the neighbors were already on the line before attempting to dial. The party line was not incorrectly functioning and was used in rural areas up until the early eighties in the USA.

 
 
 
321steve - realistically thinkin or Duu
Sophomore Participates
2.3.4  321steve - realistically thinkin or Duu   replied to  Dean Moriarty @2.3.3    6 years ago

I grew up in central Illinois, no party line but sometimes we could hear conversations on our phone. (Like quietly in a background manner) We'd try to talk but they couldn't hear us. (LOL even if we yelled!) GET OFF THE DAMN PHONE!

LOL

It didn't happen very often and eventually it stopped happening altogether.

It was actually more annoying than anything.  

 
 
 
Jasper2529
Professor Quiet
3  Jasper2529    6 years ago
For Rigney, the mother whose Nest was hacked earlier this week, the slight risk of it happening again simply isn’t worth it. She has unplugged all the cameras. “It’s a voice I will never forget, unnerving and unsettling,” she told KPRC. “You have something that’s supposed to make you feel better, and instead it makes you the opposite. It makes you feel invaded and uncomfortable.”

I'm very uncomfortable with having these "security" systems in my home and don't use them. 

When our kids were young, we had a Fisher Price baby monitor that looks very primitive today. We were shocked when we heard the voices of our neighbors through it!

Regarding passwords - Instead of creating what we "think" are secure passwords, we've found that using a password manager such as KeePass is far more secure.

 
 
 
Jasper2529
Professor Quiet
3.1  Jasper2529  replied to  Jasper2529 @3    6 years ago

[image]

 
 
 
Nowhere Man
Junior Participates
4  Nowhere Man    6 years ago

My thoughts?

How in the world we could have a set of adults that think stuff like this is good? Is all tech good? No way in hell...

As soon as you invent the next best thing someone will figure out a way to use it against you....

I don't have any of this crap in my house and if I had to have it, I sure wouldn't hook it up to the net, that is plain flat stupidly asking them to come right on in......

The worst problem?

Critically thinking people could see the problem before it was a problem, they don't teach critical thinking skills anymore...

 
 
 
tomwcraig
Junior Silent
5  tomwcraig    6 years ago

Also, using old passwords to infiltrate a network or system is the OLDEST trick in the book.  You want an example of it in common movie lore?  Watch Star Wars: The Return of the Jedi.  Han Solo and Chewbacca use an "older code, but it checks out", according to Admiral Piett to Darth Vader to get to the moon of Endor.

 
 
 
Tacos!
Professor Guide
6  Tacos!    6 years ago

OK, that settles it. I've been wanting to get cameras but I figured I'd run them into my own DVR. I'm not really interested in yet another subscription fee and those systems don't seem to be very high resolution anyway. Now I have another reason.

 
 
 
igknorantzrulz
PhD Quiet
6.1  igknorantzrulz  replied to  Tacos! @6    6 years ago

just finished installing and linking up

36 cameras at this bar/restaurant

That's all u need. run to your own dvr

when viewing via your phone via wifi is when it's at risk

 
 
 
Paula Bartholomew
Professor Participates
7  Paula Bartholomew    6 years ago

I am in favor of those baby monitors that let parents hear if the baby cries.  Anything else, parents get off of your butts and check the baby personally.

 
 
