Hacking baby monitors and the security ‘solution’ – a lesson to be learned

security cameraby MIKI Yoshihito (´・ω・)

Wireless baby monitor hacked, baby insulted
[Via Boing Boing]

A mystery man patched into a camera-equipped wireless baby monitor, watching and yelling abuse at a child–and its parents, when they came to see what was going on. ABC’s Alana Abramson reports from the intersection of ill will and appallingly insecure technology.

The incident occurred on Aug. 10 as Marc Gilbert was doing the dishes after his birthday dinner and he heard strange noises coming from his daughter Allyson’s room while she was sleeping, Gilbert said. “Right away I knew something was wrong,” he told ABC News. As he and his wife got closer to the room, they heard the voice calling his daughter an “effing moron,” and telling her,”‘wake up you little slut.” The hacker then began shouting expletives at her parents and calling Gilbert a stupid moron and his wife a b****

Calling it “hacking,” however, may be more storytelling than science. These gadgets–often very inexpensive–are so insecure that simply driving around with a receiver will let you peek into others’ baby bedrooms.

Using a wireless camera to keep an eye on valuable things without using any sort of security to prevent others from watching is one of those social stories we will virally tell to inform ourselves about our changing world.

What is the best solution? We could hope the makers provide enough security but cannot fully trust that they will. Absent a million dollar lawsuit they have little incentive to make sure there is proper security in place.
What about doing security ourselves? Here is a great suggestion from the comments:

SSH is your friend. (or VPN). You put the camera on your local net and don’t make it accessible from the internet directly. You setup an SSH server. Some routers can do this otherwise you need a PC always running Win/OSX/Linux. You set up dynamic dns. Most routers can do this. You then SSH tunnel into your local network to the IP camera. Too much to go into here. Maybe someone should ask this question on a stackexchange site?

Clearly there’s a market for a less geeky solution (although as a geek I have a problem trusting non-open source networking stuff).

I’m fairly knowledgeable and I just barely know what he is talking about and MIGHT, after several hours figure out how to implement it. Looks like a market opportunity – setting up and securing home networks. Problem solved.