Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible.
Shodan is a search engine for the Internet of Things, scanning the public Internet for devices communicating on ports and over protocols that are commonly used by IoT devices. By feeding it the right parameters -- Real Time Streaming Protocol (RTSP, port 554) -- you can find innumerable publicly shared webcams, ranging from CCTVs that oversee marijuana grow-ops to many, many baby-monitors.
"The consumers are saying 'we're not supposed to know anything about this stuff [cybersecurity],'" he said. "The vendors don't want to lift a finger to help users because it costs them money."
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions is true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? When 2008-era malware like Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
"The bigger picture here is not just personal privacy, but the security of IoT devices," security researcher Scott Erven told Ars Technica UK. "As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby's crib."
Internet of Things security is so bad, there’s a search engine for sleeping kids
[J.M. Porup/Ars Technica]