An unknown hacker apparently gained access to a 2-year-old girl’s baby monitor, calling her by name and harassing her, and her parents, with insults and profanity.
A couple in suburban Houston, Texas, told CNN affiliate KTRK that, over the weekend, they heard a strange voice in the bedroom shared by their two toddlers. When they got there, Marc Gilbert said they realized the voice was coming from the Web camera they use to keep tabs on the children.
What they heard next was ugly.
“He said, ‘Wake up Allyson, you little slut,’ ” Gilbert said. He said the hacker, who had a British or European accent, may have read her name on a wall in the bedroom.
When he and his wife Lauren arrived, Gilbert said, the camera swiveled to face them. The hacker proceeded to call him a “stupid moron” and his wife a bitch, Gilbert said, before he unplugged the camera.
The only positive about the situation, he said, is that Allyson never woke up. She was born deaf and has cochlear implants to help her hear, which she was not wearing while sleeping.
“I felt like somebody broke into your house,” Gilbert said. “As a father, I’m supposed to protect her against people like this. So it’s a little embarrassing to say the least, but it’s not going to happen again.”
Baby monitors, particularly those with video capabilities, have been shown in the past to be vulnerable. Video monitors can broadcast to TVs and hand-held receivers, or over Wi-Fi to computers, smartphones and tablets.
In 2009, an Illinois family sued the manufacturer of its monitor after they discovered that they and their neighbors could monitor each other’s feeds.
Some newer models have technology that jumps from frequency to frequency, making them more secure, while older monitors do not.
Security experts warn parents to make sure to enable passwords for baby monitors and Web cameras. Most new models are equipped with that ability, they say.
“Devices may well be protected by passwords, but default passwords that haven’t been changed are like having no password at all,” Lisa Vaas wrote for the Sophos Security blog.
Experts also say to make sure home Wi-Fi and routers are password-protected.
“Those who can’t figure this out should ask for help from somebody with security expertise — somebody they trust with the safety of extremely precious things,” Vaas said.
In comments on the KTRK article about the hack, Marc Gilbert said he did take basic security precautions: “The router was password protected and the firewall was enabled. The IP camera was also password protected,” he said.
“Of course, devices may well be protected by passwords, but default passwords that haven’t been changed are like having no password at all, as other commenters pointed out,” wrote Vaas on the Sophos Security blog.