Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible.
Shodan is a search engine for the Internet of Things, scanning the public Internet for devices communicating on ports and over protocols that are commonly used by IoT devices. By feeding it the right parameters -- Real Time Streaming Protocol (RTSP, port 554) -- you can find innumerable publicly shared webcams, ranging from CCTVs that oversee marijuana grow-ops to many, many baby-monitors.
"The consumers are saying 'we're not supposed to know anything about this stuff [cybersecurity],'" he said. "The vendors don't want to lift a finger to help users because it costs them money."
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions are true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? When 2008-era malware like Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
"The bigger picture here is not just personal privacy, but the security of IoT devices," security researcher Scott Erven told Ars Technica UK. "As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby's crib."
Internet of Things security is so bad, there’s a search engine for sleeping kids
[J.M. Porup/Ars Technica]