Baby Monitors: Who's Really Watching Your Baby?

2015-10-05-1444055473-1287795-baby_monitor.jpgA recent study by Rapid7 reported that nine of the most popular baby monitors can be easily hacked, enabling hackers to watch the very children those monitors are intended to protect. Earlier this year, feeds from 1,000 hacked baby monitors were streamed live on the website

"Anything with a camera can be accessed," says Einaras Gravrock, chief executive of home Internet security company CUJO. In addition to baby monitors, this includes security cameras, as well as laptop and smartphone cams.

Increasingly, the virtual world of the Internet is converging with the physical world through the Internet of Things. As more physical devices connect to the Internet, hackers' reach and breadth expands exponentially. Today, Internet-enabled devices include TVs, home security systems, kitchen appliances, thermostats, and more.

"Now those virtual threats can have physical impact," says Gravrock. "Someone can remotely unlock your door - or lock you in. Someone can watch your security cameras or baby monitors and see what you're doing at home."

The threat is not restricted to homes and offices - it's also spreading into our streets. In a chilling experiment gone wrong, in July, white hat hackers actually turned off the engine of Wired Magazine senior writer Andy Greenberg's SUV while he was driving on a busy freeway.

Compromise of smart devices comes from within or without the home network. Malware from bogus email offers, as well as code inserted into seemingly innocuous games and apps can assume control of a smart device. If the device is connected to the home router, which it invariably is, the hacker can assume control of every device on the network.

Outside the home, "drive by" jamming enables hackers to jam routers and assume control, impersonating the home router. Think your router password is safe? Think again. Cloud-based crackers can try millions of WPA password combinations against your router, defeating them - sometimes in minutes.

"If I take over one of your smart devices, I can use it to act as a router on your network," says Gravrock. "Imagine your computer is sending data to this rogue device, thinking that it's a router, and that rogue device reads that information, captures what it needs and send that information to China. You'll never know it's happening."

Hackers make choices about their targets and approaches in the much the same way that any businessperson does -- it's ultimately about return on investment. The choice of whether to target specific wealthy individuals or celebrities versus boiling the ocean to fleece thousands is based on cost-effectiveness.

What does home security look like in a time when motion detectors and security cameras can be turned on their owners by the new generation of criminals?

Securing the home's physical perimeter is no longer sufficient to keep the family and its belongings safe. Modern home security now encompasses the virtual world. Traditionally, this has meant changing passwords and running malware scans. Today, in addition to detecting the presence of malicious code, the behavior of home devices must also be monitored.

This involves the use of sophisticated cloud-based pattern and content recognition engines that examine patterns of behavior, both within the context of what is normal for a particular device within the home, as well as what is normal for the device in all homes. Is it functioning within predicted parameters? What content is it sending? Where is it sending that content? Behavior outside normal bounds triggers alerts and countermeasures.

This kind of cloud-based anti-hacker technology has been used in corporate America for years, though it is new to the home. Because typical households do not employ IT professionals, the new breed of home cyber defense must provide the sophistication of its corporate counterpart, with the elegance and ease-of-use of a home appliance. This new generation of cyber home security gives the physical guard dog a virtual partner.