Joe Dog Software

Proudly serving the Internets since 1999

Enter Sandman

Let’s face it. Online appliances are designed for the lowest common denominator. Consider an average person’s intelligence. Half of a manufacturer’s customers are dumber than that. If they lock down a device too securely, they’re just setting themselves up for a lot of service calls. We all know how manufacturers feel about service calls.

Last week a Minnesota couple got a lesson in device security. One night they were lying in bed and music started wafting into their bedroom. It appeared to come from the nursery where their infant slept. That’s odd, right? When an infant gets its hands on music it’s more likely to eat the CD than put it in a player and hit “start.”

It turns out the music was coming from the Netherlands. Wait a second – you said they lived in Minnesota! Here’s what happened: The couple entered the room to investigate. The music stopped when they opened the door. Suspecting a speaker associated with their Foscam nanny-cam, they used its software to check for web sessions. They found one associated with an IP address registered in Amsterdam. Someone from that city had attached themselves to their nanny-cam and was watching them inside their house. Creepy!

This couple wasn’t alone. They discovered private interior scenes from inside homes throughout the world. “There’s at least fifteen different countries listed and it’s not just nurseries — it’s people’s living rooms, their bedrooms, their kitchens,” she told KTTC. “Every place that people think is sacred and private in their home is being accessed.”

It’s not clear how the camera was compromised. Foscam recommends that your firmware be upgraded to the latest version, so it could have been a bug. But they also recommend that you change the default username and password, so it could have been user negligence. Beyond that, they recommend placing the daemon on an alternative port and checking your logs at regular intervals. Sounds like these things were pretty insecure….

[KTTC: Nanny-cam Hacked For World To See]

[Foscam: How To Secure Your Device]