This Security Flaw Could Be Letting Hackers Look Inside Your Kids’ Bedrooms

These days, more and more household objects – TVs, security cameras, even doorbells – are connected to the Internet. This feature is great if you want to turn your lights off remotely when you go to bed or keep an eye on your kids when you’re out of the house. But it’s not so great if you want to avoid having some stranger do the same.

In a recent article from Forbes, 34-year-old Marc Gilbert recounts the horrifying experience of having a creepy stranger gain access to his 2-year-old daughter’s Internet-connected baby monitor:

Marc Gilbert got a horrible surprise from a stranger on his 34th birthday in August. After the celebration had died down, the Houston resident heard an unfamiliar voice coming from his daughter’s room; the person was telling his sleeping 2-year-old, “Wake up, you little slut.” When Gilbert rushed in, he discovered the voice was coming from his baby monitor and that whoever had taken control of it was also able to manipulate the camera. Gilbert immediately unplugged the monitor but not before the hacker had a chance to call him a moron.

A security flaw in the baby monitor, which was designed to allow Internet access to its audio and video streams so parents can check in on their kids whether they’re home or not, was responsible for the terrifying event.

Unfortunately, it’s surprisingly easy to find and break into Internet-connected devices using Shodan, a Google-like search engine that catalogs devices that are designed to be accessible via the web. Don’t let that discourage you from creating the smart home of your dreams, though. You can protect yourself from creepos and criminals the same way you protect the rest of your data on the Internet: with passwords and common sense. (Or perhaps someday, a heartbeat-monitoring bracelet.)

If you’re going to buy an Internet-connected device, it needs to provide the option of being password-protected. If it doesn’t, it’s no good, and the companies creating security-flawed devices like this need to be punished for their stupidity in the form of not getting any of your dollars.

Once you get your password-protectable device, change the username and password. Like, to something good, with symbols and capitals and numbers. “Password” isn’t going to cut it. (Yes, “password” was indeed honored as the most common password of 2012. RIP human race.)

(via Business Insider)