Hacker Invades Baby Monitor in Texas Home
The parents of a 2-year-old Houston girl said they had taken all the recommended precautions in setting up their baby monitor, yet it still got hacked over the weekend. "The parents bought something they felt was safe," said Kati Rodzon, manager of Security Behavior Design for MAD Security, "but truthfully, with hacking, in most cases if there is a will, there is a way."
Aug 15, 2013 12:14 PM PT
A hacker was able to gain access to a baby monitor on Saturday night, terrifying a Texas couple as they heard the virtual intruder speak offensively to their sleeping daughter.
The parents use an Internet-connected baby monitor that is equipped with a camera to monitor the activity in their 2-year-old daughter's bedroom. Last weekend, the father told reporters from ABC News that he heard strange noises coming over the device, so both parents started walking towards her room.
They were shocked to hear a voice on the other end directing offensive and sexual comments towards their daughter, telling her to "wake up, you little slut" and calling her an "effing moron." He apparently accessed the camera and saw her name written on the wall, because he was calling her by her name.
When the hacker could tell that the parents had entered the room, he turned the camera on them and started hurling angry remarks towards them as well before the father could pull the plug on the device.
Hacking Into Homes
The child uses cochlear implants to hear and they were turned off during the attack, so fortunately she did not hear any of the offensive remarks. Nevertheless, the incident still raises questions about the power of hackers to access connected home devices.
Particularly troubling is that the child's father had taken the suggested precautions with the baby monitor, he noted in the comments section of a local news article, including adding passwords for his router and the camera and enabling a firewall.
Those are important and necessary steps for installing any kind of connected home device, said Kati Rodzon, manager of Security Behavior Design for MAD Security. Despite such measures, though, cybercriminals are almost always able to find a way in.
"The parents bought something they felt was safe, but truthfully, with hacking, in most cases if there is a will, there is a way," Rodzon told TechNewsWorld.
"There are several products that do not prioritize security -- specifically when it comes to hacking -- but it was a baby monitor," she noted, adding that it doesn't occur to many manufacturers or parents to think about the possibility of cyberattacks when they're looking to make or purchase the devices.
Playing Legal Catch-Up
It's not clear whether a police report has been filed regarding the incident, and the Houston Police Department did not respond to our request to comment on this story.
Even if there is a criminal investigation, though, it might be difficult to pin the hacker with a charge that accurately represents his crime, said Kevin Smith, an attorney specializing in criminal law.
"This particular hacker is on the frontier of cybercrime, and I believe the law will have to catch up to him in that regard," Smith told TechNewsWorld.
"Unlike most cybercriminals, he has not used his hacking to gain anything of value," Smith explained. As a result, "wire fraud or other charges commonly used in cybercrimes would not apply, so a prosecutor will likely fall back to more 20th century criminal charges like harassment, threatening, voyeurism and risk of injury to a minor."
It's also possible that the hacker could be charged under the Computer Fraud and Abuse Act for intentionally accessing a protected computer, said Susan Brenner, law professor at the University of Dayton School of Law -- but that's only if local or state authorities have the will and manpower to go after such a crime.
"The problem is that any cybercrime case involves a lot of time and expertise on the part of investigators as they gather and analyze evidence," Brenner told TechNewsWorld. "There are a lot of cybercrime cases. So even if a jurisdiction or relevant agency is excellent at what they do, they're going to have to triage cases, which means that a lot of cases are never pursued or prosecuted."
That lack of prosecution is likely to change in the near future as cybercrimes become more common and damaging, said Smith, but in the meantime, "it's a very good time to be a cybercriminal."