Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible.
Shodan is a search engine for the Internet of Things, scanning the public Internet for devices communicating on ports and over protocols that are commonly used by IoT devices. By feeding it the right parameters -- Real Time Streaming Protocol (RTSP, port 554) -- you can find innumerable publicly shared webcams, ranging from CCTVs that oversee marijuana grow-ops and many, many baby-monitors.
"The consumers are saying 'we're not supposed to know anything about this stuff [cybersecurity]," he said. "The vendors don't want to lift a finger to help users because it costs them money."
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions are true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? When 2008-era malware like Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
"The bigger picture here is not just personal privacy, but the security of IoT devices," security researcher Scott Erven told Ars Technica UK. "As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby's crib."
Internet of Things security is so bad, there’s a search engine for sleeping kids
[J.M. Porup/Ars Technica]
A leaked demo has bright red and orange marks on ‘harmfully misleading’ tweets
• U.S. State Department blames Russia for cyberattacks that hit neighboring Georgia in October 2019 • By identifying Russia’s digital assaults on neighbors, US hopes to raise awareness of ongoing GRU attacks on US
The Defense Information Systems Agency, which calls itself a combat support agency of the Defense Department on its website, employs 8,000 military and civilian employees. The DIA, which is responsible for secure White House communications, said Social Security numbers and other personal data its network held, was likely compromised, reports Reuters, citing a letter sent […]
Assembling a truly autonomous smart home is getting closer and closer to reality every day. But for every new smart bulb, thermostat, home security system and appliance we set loose within our walls, there are still probably a half dozen “dumb” items we’d still love to replace. But whether they’re too costly or too big […]
With so many manufacturers out there these days, it’s tough to know who to trust in the ultra-competitive wireless earbuds market. If you’ve never heard of LinearFlux, you may soon. That’s because it’s a company with a stellar pedigree whose co-founders were two of the engineers behind the original success of two audio houses you […]
Two-thirds of American adults drink coffee every day. On average, they’re each drinking about three cups per day, which works out to nearly 400 million cups downed each and every day. We don’t have stats on what percentage of those cups are God awfully bad, but you have to assume with so many ways to […]