Welcome to the Internet of things. Creepy things.
Last week, Fox 19 reported that a man hacked into an Internet-enabled baby monitor in a home in Cincinnati, Ohio, and started screaming “Wake up baby!” at a 10-month-old girl.
Adam and Heather Schreck told Fox 19 that they woke up at midnight to the sounds of a man yelling at their daughter, Emma, and were surprised to find their Internet-enabled baby monitor moving -- even though they were not the ones moving it.
This is not the first time something like this has happened. In August, Marc Gilbert of Houston, Texas, told ABC station KTRK that he heard a man yelling “Wake up, Allyson, you little (expletive),” through a baby monitor to his two-year-old daughter, whose name was spelled out on the wall. (It turns out that the baby could not hear the stranger; she was deaf and her cochlear implants were turned off).
Foscam, the maker of the monitors hacked in both incidents, sells devices for around $200 that allow parents to keep an eye on their kids remotely through their smartphone or an Internet browser.
"Updating firmware is extremely important, especially if the devices in question are more than six months old," Foscam wrote in a statement to NBC News. "In the case of the Schreck’s camera in question, it was a three-year-old model and needed a firmware update."
Foscam recommended that people update their firmware and change their default password. The company also pointed out that "being hacked is not exclusive to Foscam. All devices connected to the Internet run the risk of being hacked."
On that point, security experts agree.
“It happens more often than you would think,” Brandan Geise, a security consultant for SecureState, told NBC News.
It’s not exactly a brilliant hack, either. Using widely available programs like Shodan, people can scan public IP addresses and find webcams that are externally accessible. Many manufacturers use default username/password combinations such as “admin/admin" that customers are supposed to change to remotely access their webcams, but consumers, including major corporations, don't always get around to it.
"The manufacturers know that there are things that they can do to make their devices more secure," Geise sad. "But really it comes down to them trying to make it as easy as possible for their customers to use the device."
That means simply choosing any password at all -- preferably something better than "1234546" -- can help stymie hackers who have nothing better to do than yell at other people's babies.
Note: This story was updated on 4/29 to include a statment from Foscam