Belkin Baby Monitor-Turned Bugging Device in new Hack

  • 24 October 2013
  • 2 replies
  • 2662 views

Userlevel 7
About three months ago, I wrote about a baby monitor hack that resulted in a truly frightening night for a Texas couple and their toddler, who were terrorized by a man who was able to hack the device and then proceeded to shout expletives through the monitor that was placed next to the sleeping baby.
 
As it happens, baby monitor hacking is back in the news. According Dan Goodin of ARS Technica, a security researcher by name of Nitesh Dhanjani (ironically the same researcher I mentioned in the original baby monitor hack story who discovered a vulnerability in a popular LED lighting system), has come up with a proof-of-concept attack on a wireless Belkin baby monitor, showing how it can be turned into an 'iPhone/iPad-controlled bugging device'.
 
"The ease if connecting is no doubt intended to be one of the selling points of the WeMo monitor. But its lack of password authentication can just as easily be viewed as a liability since it exposes users to surreptitious monitoring by baby sitters, former spouses, or anyone else who even once manages to get on the home network. The only way to be sure that the device is locked down is to continually check the monitor's settings panel to ensure no unrecognized devices are connected to it."


Here is the video demonstration from the story:
 

 
 
Dhanjani also found weaknesses in other Belkin products, but company support representatives, much in the same way Phillips had responded to his findings of the lighting system vulnerabilities, said that the baby monitor was 'no more insecure than ayn other computing device, at least when users follow standard security procedures.'
 
I'd love to hear your thoughts on these potentially-scary vulnerabilities and the companies' responses. You can read the full story by clicking the aforementioned ARS Technica link .

2 replies

Userlevel 7
Badge +56
Remember this one Yegor it's getting to be a habit nothing is secure anyone. https://community.webroot.com/t5/Security-Industry-News/Baby-Monitor-Hack/m-p/53938#M2113
 
Daniel
Userlevel 7
The newer devices certainly are making the news, and they are 'hackable' over a much longer distance than the old fashoned ones, but the old ones were plenty insecure as well.  Any plain scanner can pick up the signals from the old non-connected ones.  In fact, my plain cheap scanner picks up our old model monitor that we used with our little ones a LOT better than the actual receiver.  Maybe someone around the world can't pick it up but I promise your neighbors across the street could have 🙂

Reply