Warning over security of baby monitors

Security flaws in common baby monitors allowed hackers to break into the devices “easily” - and watch silently through hundreds of cameras.

The faulty software allowed anyone with the right internet address to freely access the “feed” from Trendnet cameras - and has prompted an investigation by America’s Federal Trade Commission into the safety of “connected” devices.

After 700 cameras were accessed, Trendnet has agreed to a 20-year security audit of its devices - and the FTC is to investigate the security of other “connected” devices in November this year.

At present, few laws govern the security standards required of such devices - either in the U.S. or the UK.

Security researchers have already shown that it is possible to access, for instance, the webcam in a web-connected television - prompting Samsung to issue a warning saying that families could consider covering the cameras when not in use.

In a case earlier this year, a hacker spied on and insulted a toddler in her bed via a web-connected baby monitor made by the company Foscam.

 Marc Gilbert, of San Antonio, said that he saw the baby monitor move and heard a voice say, “Wake up, you little [expletive]”

[Why Galaxy Gear is the first real "Smartwatch"]

The FTC said in a statement, “This is the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices – commonly referred to as the “Internet of Things”.

“The Internet of Things holds great promise for innovative consumer products and services.  But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet,” said FTC Chairwoman Edith Ramirez.

Symantec’s Security CTO, Greg Day, said earlier this year, “From our perspective, the most interesting phase of the development of the Internet of Things could also be the most challenging, as devices and software are created which ignore or de-proritise security features in the drive to get products to market.”

“We've seen this lack of attention to security in the past, together with resulting weaknesses in the technological fabric which are open to exploitation by cybercriminals.”

“Smart TVs” - internet-connected televisions - can be hacked, according to researcher SeungJin Lee, allowing attackers to “watch” families through webcams, and working even if the victims try to turn the set off.

More than 80 million Smart TVs sold around the world in 2012, Lee says - but, “we hardly see security research on Smart TVs.”

Lee showed off an attack on a Samsung television that allowed him to insert fake news stories into a Smart TV’s internet browser.

There are 200,000 “home automation systems” in UK homes, allowing people to unlock their front door with a touch of a button - but researchers warn that it’s all too easy for hackers to do the same by breaking into a home network. 

“Connecting things to a network opens up a whole range of vectors of attack, and when you are talking door locks, garage doors, and alarm controls it gets scary,” says Trustwave consultant Daniel Crowley.

Earlier this year, researcher Nitesh Dhanjani demonstrated an attack on a popular “connected” lighting system sold in Apple Store, the Philips Hue, which could be hacked to cause a “perpetual blackout” in the homes of users.

“By 2022, the average household with two teenage children will own roughly 50 such Internet connected devices, according to estimates by the Organization for Economic Co-Operation and Development,”

Dhanjani said “Our society is starting to increasingly depend upon IoT devices to promote automation and increase our well being. As such, it is important that we begin a dialogue on how we can securely enable the upcoming technology.”

“If someone can access your home network, but doesn’t have a key to your home, they can still unlock your door and get in,” Crowley said of what he found in gear on the market.

Many hacks rely on hackers being able to access home networks, so a good first step to keeping your family safe is to buy “all in” security software such as Norton 360 Multi Device, which offers protection on devices such as PCs, iPads and Androids throughout the home.