By Holly Giles
“I’m supposed to protect my son and I feel like I failed him.” says mother Jamie Summitt after finding out her security camera had leaked videos of her baby to the internet.”It makes me kind of sick to think what kind of stuff the person may have seen and still could be out there,” Summitt said. She discovered her camera was being controlled remotely when her phone alerted her the camera was moving; “I looked over on my phone and saw that it was slowly panning over across the room to where our bed was and stopped.” She later realised this was the spot where she breastfed her son multiple times a day. This story is echoed by an Australian mother, Emma McCarthy, who saw the camera moving whilst breastfeeding: “I sat down to feed her and the camera turned to focus on us.”
Unfortunately, these women are not the only ones to have experienced this problem; over 14,000 devices from Apexis and Sumpple (both available on Amazon) are said to have been affected by this latest leak. “This is extremely serious,” says Frank Groenewegen of the cyber security company Fox-IT. “At home you must be entitled to your privacy.” However, this previously protected space has now become a feeding-ground for hackers with every device connected to the internet being a potential point of entry. Any device which you can watch remotely, turn the camera and talk through the speaker, for example smart doorbells or smart cameras, can also be manipulated to record images. This breaches people’s privacy and makes them vulnerable to further crimes.
Apexis, the parent company of Sumpple, has a database of email addresses and passwords of all it’s users. The password to access this database however has been listed in the world worst passwords, meaning it is ridiculously easy for proficient hackers to access this data. Once entry has been gained, thousands of worldwide user’s information lies uncensored and uncoded. It’s not enough to change for a user to change their password either as this will only be updated to the insecure database.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Dr. Yossi Oren, senior lecturer in Ben Gurion’s Implementation Security and Side-Channel Attacks Lab. “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.” Dr. Oren also added that “it only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand.”
A further danger is the fact that people often use the same password for other sites or security methods. There is no telling how much power and information hackers are able to gain from this data.
The leak was first reported by The Arcanum Group, a collective of anonymous hackers that included concerned parents. “Because the baby monitors also involve children, we feel compelled to inform people about this leak through the media,” says a spokesperson for the group. They did not however receive a hearing from the companies who also ignored repeated questions from the media. THe only solution for now is to pull the power on these devices and stop using them. Groenewegen saya, “it’ s an unsafe product, it’s an unsound product. And reclaim your money.”
How to stay safe when you buy a smart camera:
- Use famous brands
- See if the camera has a physical slide to cover the lens when you are at home
- Keep up to date with updates on your camera
- Use a strong password for the camera and your account
- When placing your camera remember that hackers can take control of the camera and adjust the image frame