'I'm in your baby's room': Nest cam hacks show risk of internet-connected devices
Category: Health, Science & Technology
Via: perrie-halpern • 6 years ago • 24 commentsThe man’s voice came through the Nest camera of Houston mother Ellen Rigney just before midnight.
“I’m going to kidnap your baby. I’m in your baby’s room,” the voice said, Rigney told NBC affiliate KPRC in Houston earlier this week.
Rigney and her husband dashed in to check in on their 4-month-old, Topper, who they keep an eye on overnight with a Nest cam that doubles as a baby monitor. They found Topper sleeping peacefully in his crib, alone in his nursery.
That’s when the couple realized a hacker had gotten through the camera’s security.
Rigney’s story is not unique. Over the summer, Gabby Nader, a mother of three, “literally ripped” a Nest camera out of her nearly 2-year-old’s room in Upper Makefield, Pennsylvania, after the little girl pointed at the device and said a man had been talking to her through it, Nader told NBC News.
Meanwhile, in October, Alexandra, a mother of two from Tenafly, New Jersey, who asked to be identified by first-name only due to privacy concerns after her family’s experience, said what sounded like a group of teenagers started speaking through the camera, which she keeps in the living room to check in on her two young kids and their nanny.
“It was around 1 a.m. and my husband heard voices talking through the camera. They could see him and they started cursing at him,” she said.
“We felt unsafe, unsecure,” she said. “You never know who the heck is watching your kids and your house.”
The hacks exemplify the growing risks faced by consumers who are putting more internet-connected devices in their homes. A survey from March found that a third of U.S. consumers own two or more so-called smart home devices .
The Nest hacks also point to an emerging strategy from malicious hackers called “credential stuffing,” in which usernames and passwords from previous data breaches are used to access otherwise secure systems.
MORE DEVICES, MORE RISKS
Headlines dating back at least five years have documented other instances of hackers accessing wifi baby monitors, but a recent rash of hacks have brought renewed attention to the issue.
Earlier this month, Arizona real estate agent Andy Gregg experienced a similar but far less nefarious Nest hack . A person who identified himself as a “ white hat ” — a friendly hacker who exposes security vulnerabilities so that they can be patched — began speaking to Gregg through his Nest cam, informing him he should take security precautions such as setting up two-factor authentication because “there’s so many malicious things someone could do with this.”
Gregg was able to record video of the interaction with the hacker, Hank Fordham — whom Gregg put in touch with NBC News.
“The method that we use here isn't particularly sophisticated, and that's the big problem,” said Fordham, an independent security researcher.
Fordham said he was able to hack Gregg’s camera using credential stuffing. In that method, easily accessible databases of usernames and passwords from previous data breaches are put into an automated system to look for accounts that reuse their credentials.
Fordham said credential stuffing has grown in popularity in hacking circles, leading him to look for ways to bring it to the public’s attention. (You can find out if you have been compromised by going to HaveIBeenPwned.com and entering your email address.)
Tags
Who is online
396 visitors
To those of you who had your reservations about these devices, you were right. If you were thinking of getting one, you might want to give it a second thought. And to those of you who have one, I hope you read on to learn how to protect yourself.
Big brother is watching.. or at least some scary people.
Thanks Perrie! I followed the pwned link and found my "disposable" email address has been leaked at least 9 times. It's the one I use for surfing and signups that are required to enter sites that I really don't care about. The passwords for those sites are weak and nowhere near what I use for my financials, but it was interesting to see some of the "secure" sites that people would think guard their info well are some of the ones that were hacked!
I'm much to paranoid to have devices like that in my home, I would like a connected thermostat but I won't get one. I was over my buddies house and he called out " Alexia turn on Christmas Music" and I got this creepy feeling from knowing that that device was listening to every word we said. I guess I've watched to many movies in my life about the horrors of "Big Brother" but I know enough about our Government to know if they can't already use Alexia to listen in they are hard at work trying.
Take a Good Look Brother
I've built and planted Nest's all throughout my humble abode.
The living room, the dying room, the dining room, the starving room, the dark room, the heavy room, the light room, the bedroom , the bath salts room, the creepy run out closet adjacent to the walk in microwaving goodbye room located directly above the wrecked room housing the sex dungeon that makes Billy & Zed(N Gimp) Blush with multiple No Hope chests filled with tight Black shiny skintight leather n laced ball gagged beauties complete with Cialice and Chains themed colorful executioner hoodz, to match the chainz that bind, like cheese, but lactose free, when you Bi n wear two....but, i digress.
,
when theses cameras come with face recognizing technology, and some do as i do have one with this feature, though they can be fooled by the hoodz, it should make one question, do i really need to give up my complete privacy....? or in my case, check out this happy f'n face thats in yours, cause lil ole big young brother mother fricken another while current flows through gator clipped raviola areolas connected to utters,
whose really embarrassed.............,,,,,,,,,,not Cindy lew Who ewe think should
cause i would
F i only could
but Y...............................................................................?
wouldn't i
A few years ago MrsGee bought me an alexa thing but I sent it back. She said it only does things when you say alexa but I know that it's always listening.
ALL Internet devices are hackable. Your iPhone, Galaxy, tablets, computers, baby monitors, your car, etc. are all hackable. I bet most of you didn't think about your car being hackable. Most vehicles are run by computer, when your low tire pressure monitor goes off, it is a wireless signal being sent to the car's computer. Then, on top of that, you have the ability to pair the audio system with your Bluetooth devices and possibly plug in an MP3 player. All of which can be hacked. Ways that people can hack your phone is through Bluejacking and Bluesnarfing, evil twin wireless access points, emails, etc.
Ways to defend everything, make sure everything you can update ARE updated and change your password every 30 to 72 days and don't use an old password for more than a year. Also, make sure, when possible that you are using a password that is not made up of common words, is at least 8 to 10 characters long, uses a combination of upper case, lower case, numbers, and symbols, and most importantly, NEVER save your passwords on your computers with internet access.
Reminds me of when I was a kid and we had a party line. I could listen to my neighbors phone conversations and they could listen to ours.
Do you think this might be the 'Deep State'??
Merry Christmas Deano.
Somewhat, but back then, we knew who shared the phone line with us. Today, it's more nefarious, because it could be anyone, any company, and any government (including the USA).
What you are describing is called "Crosstalk". It is when signals jump from one wire to another. There are two types: Near end Crosstalk and Far end Crosstalk. Near end Crosstalk is where the signal jumps wires nearest the origination point. And, Far end Crosstalk occurs farthest from the origination point. The main reason it occurs is due to unshielded wires without enough twists (if paired) radiate the electrical pulses going through them. There is actually one type of wiring/cable that is immune to Crosstalk, and that is Fiber-optic.
No we had an actual party line.
If they were implemented correctly, you wouldn't have heard other conversations on the party line. Hearing other people on your call(s) was via Crosstalk or a lineman's butt set.
No there were different ring patterns for the for different phone numbers but the phone would ring at our house when the neighbors got a call and vise versa. When you made a call you would first pick up and listen to see if the neighbors were already on the line before attempting to dial. The party line was not incorrectly functioning and was used in rural areas up until the early eighties in the USA.
I grew up in central Illinois, no party line but sometimes we could here conversations on our phone. (Like quietly in a background manner) We'd try to talk but they couldn't here us. (LOL even if we yelled ! ) GET OFF THE DAMN PHONE !
LOL
It didn't happen very often and eventually it stopped happening all together.
It was actually more annoying than anything.
I'm very uncomfortable with having these "security" systems in my home and don't use them.
When our kids were young, we had a Fisher Price baby monitor that looks very primitive today. We were shocked when we heard the voices of our neighbors through it!
Regarding passwords - Instead of creating what we "think" are secure passwords, we've found that using a password manager such as KeePass is far more secure.
My thoughts?
How in the world we could have a set of adults that think stuff like this is good? It all tech good? No way in hell...
As soon as you invent the next best thing someone will figure out a way to use it against you....
I don't have any of this crap in my house and If I had to have it, I sure wouldn't hook it up to the net, that is plain flat stupidly asking them to come right on in......
The worst problem?
Critically thinking people could see the problem before it was a problem, they don't teach critical thinking skills anymore...
Also, using old passwords to infiltrate a network or system is the OLDEST trick in the book. You want an example of it in common movie lore? Watch Star Wars: The Return of the Jedi. Han Solo and Chewbacca use an "older code, but it checks out", according to Admiral Piett to Darth Vader to get to the moon of Endor.
OK, that settles it. I've been wanting to get cameras but I figured I'd run them into my own DVR. I'm not really interested in yet another subscription fee and those systems don't seem to be very high resolution anyway. Now I have another reason.
just finished installing and linking upn
36 cameras at this bar/restaurant
Thats alk u need d. run to your own dvr
when viewing via your phone via wifi is when it at risk
I am in favor of those baby monitors that let parents hear if the baby cries. Anything else, parents get off of your butts and check the baby personally.