Over the past four years, I’ve posted several links to news stories identifying privacy and security concerns with Foscam baby cams. When I saw another story recently about parents being frightened by a stranger controlling their baby cam remotely, I tweeted, “Why are these breaches still happening?” My tweet wasn’t rhetorical and I cc’d Kashmir Hill on it, figuring she’d know the answer or find it out.
Two days later, Kashmir Hill wrote an article that answered my question:
The company released an update that would fix the problem, but did not force an update out into the wild, meaning that thousands of the cameras are still vulnerable to hackers until their owners change their passwords and download a security update.
Parents who purchased their baby cams through a third party and not directly from Foscam may not realize that they need to update and change passwords – and Foscam has no way to reach them.
Kash also points out that what may appear to be evil scary hackers may just be hackers who are actually trying to help:
Well-meaning hackers have been trying to alert parents to Foscam’s security vulnerability for years. Sometimes, their efforts aren’t subtle. (One hacker took control of a Foscam and screamed “wake up, you little slut” to a toddler in Texas in 2013; another shouted “wake up, baby” to a youngster in Ohio in 2014.) But as malicious as their methods can sound, these hackers are actually trying to do these customers a service: waking them up to the fact that the product they’re putting into “sacred” places in the home is hackable by anyone with minimal tech expertise.
Read more on Fusion, and thanks, Kash, for educating us on this.