Foscam hacked
July 17, 2015 4:26 AM Subscribe
On Wednesday night my baby monitor (Foscam) was hacked. I heard a man's voice saying obscenities in my kid's room, I went in, and it was coming from the Foscam. I unplugged it and called the police. The police checked it out and assessed that we were safe and left without anything further. We are physically fine, but it was very disturbing and we feel violated. This is not ok. This is a thing.
What can be done?
I plan to follow up with the police to see if they are pursuing it, but as they don't seem to think its their jurisdiction, I'd like to have my ducks in a row as to how to proceed. I would think this is a form of broadcasting obscenities, does anyone have concrete information?
I plan to follow up with the police to see if they are pursuing it, but as they don't seem to think its their jurisdiction, I'd like to have my ducks in a row as to how to proceed. I would think this is a form of broadcasting obscenities, does anyone have concrete information?
If it was hacked then it's publicly accessible in the Internet. You can disable that with a firewall on your router/modem, or checking the settings of the camera. I have a no-name Chinese clone of a Foscam, and that's the first thing I did.
posted by blue_beetle at 4:43 AM on July 17, 2015 [7 favorites]
posted by blue_beetle at 4:43 AM on July 17, 2015 [7 favorites]
The police aren't going to pursue it. They lack the technical expertise and agencies that might be capable, like the FBI, aren't going to get involved. It sucks, but this is the state of electronic crime in 2015.
posted by ryanrs at 4:46 AM on July 17, 2015 [9 favorites]
posted by ryanrs at 4:46 AM on July 17, 2015 [9 favorites]
i guess there are two levels
1 - you can participate in some kind of campaign to get these things made safer. i am pretty sure they could be made safer, but the cost is more development time, possibly better hardware, and a less friendly user experience.
2 - you try to prevent this from happening again by adjusting how it, and possibly your internet, are configured. a quick search suggests you can add a password. have you done that? is it a strong one? you can probably also configure your internet (or maybe even the device, as someone suggests above) so that it is not visible externally, but then you will not be able to connect from outside either. is that a trade-off you are willing to make? unfortunately these kinds of things require some expertise, or at least confidence and persistence with google search.
posted by andrewcooke at 5:26 AM on July 17, 2015 [2 favorites]
1 - you can participate in some kind of campaign to get these things made safer. i am pretty sure they could be made safer, but the cost is more development time, possibly better hardware, and a less friendly user experience.
2 - you try to prevent this from happening again by adjusting how it, and possibly your internet, are configured. a quick search suggests you can add a password. have you done that? is it a strong one? you can probably also configure your internet (or maybe even the device, as someone suggests above) so that it is not visible externally, but then you will not be able to connect from outside either. is that a trade-off you are willing to make? unfortunately these kinds of things require some expertise, or at least confidence and persistence with google search.
posted by andrewcooke at 5:26 AM on July 17, 2015 [2 favorites]
This is terrible, I am so sorry this is going on. One of those linked articles says that when the father unplugged the monitor when hearing the hacker he lost the record of ip addresses. I don't know if foscam has fixed this since then to preserve data after the monitor is unplugged, but in case they haven't, if it happens again maybe it's better not to unplug it (and just turn off) . However seriously i would consider just using an old fashioned non-internet baby monitor. Because ugh who needs the worry.
posted by flourpot at 5:31 AM on July 17, 2015 [2 favorites]
posted by flourpot at 5:31 AM on July 17, 2015 [2 favorites]
You need to determine whether the Foscam is visible to the world, or whether this was someone on your wifi or wired local network.
posted by ftm at 5:44 AM on July 17, 2015 [1 favorite]
posted by ftm at 5:44 AM on July 17, 2015 [1 favorite]
Frankly, I think you should be following up with Foscam. Make sure they understand you'll be mentioning their name widely on social media and that their product security let your family down very badly. But first you should do a little due diligence to make sure that you did not connect the device on a public-facing internet connection with a default password still enabled. If you were using it properly and this still occurred, however, they should absolutely be called to account for this with an explanation of how it happened and how they will prevent it from ever happening again.
posted by Nerd of the North at 6:40 AM on July 17, 2015 [15 favorites]
posted by Nerd of the North at 6:40 AM on July 17, 2015 [15 favorites]
Some ideas to secure your network and your camera:
==Wireless network security==
Is your router firmware fully updated?
Is WPA2 wireless security enabled instead of the older, insecure WEP security?
Is your router admin account password protected (not the same as wireless security password)?
Make sure both wireless and admin passwords are unique and not easy to guess.
Is your router firewall enabled?
==Foscam security==
Is the Foscam firmware fully updated?
Is the Foscam security enabled with a non-standard password?
Is the Foscam connected to your wireless network and not accidentally connected to a nearby open wireless network?
Make sure you subscribe to the Foscam newsletter to be notified of future important firmware updates.
posted by bluecore at 7:09 AM on July 17, 2015 [5 favorites]
==Wireless network security==
Is your router firmware fully updated?
Is WPA2 wireless security enabled instead of the older, insecure WEP security?
Is your router admin account password protected (not the same as wireless security password)?
Make sure both wireless and admin passwords are unique and not easy to guess.
Is your router firewall enabled?
==Foscam security==
Is the Foscam firmware fully updated?
Is the Foscam security enabled with a non-standard password?
Is the Foscam connected to your wireless network and not accidentally connected to a nearby open wireless network?
Make sure you subscribe to the Foscam newsletter to be notified of future important firmware updates.
posted by bluecore at 7:09 AM on July 17, 2015 [5 favorites]
I would secure it as best you can, then put up a sign on the wall with a curious-looking URL that you own. On the off chance that your hacker is a drive-by idiot, you might be able to get enough useful log information (or other trickiness-derived info he might give) from his visiting that URL to really cause him concern. :-)
posted by circular at 7:16 AM on July 17, 2015 [1 favorite]
posted by circular at 7:16 AM on July 17, 2015 [1 favorite]
Apologies if you've already checked this, but have you followed FosCam's advice on securing the camera? I know nothing about FosCams, but reading that it looks like it's designed to be an Internet-accessible device. That means you need to administer it, including changing the password and updating the firmware regularly. From what I've read the 2013-era firmware was seriously insecure, although the company claims to have fixed it in recent updates.
If you've already done passwords and firmware please let us know, because that implies the devices are fundamentally insecure and you need to take extra steps we can advise you on.
posted by Nelson at 7:45 AM on July 17, 2015 [4 favorites]
If you've already done passwords and firmware please let us know, because that implies the devices are fundamentally insecure and you need to take extra steps we can advise you on.
posted by Nelson at 7:45 AM on July 17, 2015 [4 favorites]
Yeah, not that it actually makes you feel safer, but if you were following all the guidelines, given all the articles you linked to + Foscam's dismissive response, this kind of feels like a lawsuit waiting to happen.
posted by pretentious illiterate at 7:51 AM on July 17, 2015
posted by pretentious illiterate at 7:51 AM on July 17, 2015
This isn't related to a solution, but it could be one way to move the needle if you are so inclined: notify local/national press. Let journalists keep doing the digging and pushing as they continue to report on the issue.
posted by doctordrey at 11:56 AM on July 17, 2015
posted by doctordrey at 11:56 AM on July 17, 2015
Response by poster: Thanks for the responses so far. I've completely disconnected the camera. I'm looking for answers as to how I can legally go after whomever did this.
posted by cestmoi15 at 12:21 PM on July 17, 2015
posted by cestmoi15 at 12:21 PM on July 17, 2015
Best answer: I'd venture to disagree with the poster who said that this act was not within the police's jurisdiction. Muttering obscenities to a child is a form of sexual misconduct or assault. Of course, every state has different laws.
Nevertheless, as ryanrs said, they may not have the ability to investigate what happened.
Pretentious, the OP didn't say that Foscam was contacted yet.
On preview: Sorry your local police can't handle it. It takes IT expertise. Presumably the FBI or an inquisitive graduate student or a sophisticated private investigator would be a place to start. And, ask Foscam.
posted by JimN2TAW at 12:21 PM on July 17, 2015
Nevertheless, as ryanrs said, they may not have the ability to investigate what happened.
Pretentious, the OP didn't say that Foscam was contacted yet.
On preview: Sorry your local police can't handle it. It takes IT expertise. Presumably the FBI or an inquisitive graduate student or a sophisticated private investigator would be a place to start. And, ask Foscam.
posted by JimN2TAW at 12:21 PM on July 17, 2015
These devices are famously insecure, especially if not maintained by the user. The police don't have the expertise, nor time, to investigate an baby monitor hack. Do you have log files for them to use in an investigation? It's a dead-end.
posted by LoveHam at 1:17 PM on July 17, 2015
posted by LoveHam at 1:17 PM on July 17, 2015
How, like, targeted did the obscenities seem? Because I have experienced lots of weird transmitting wire-crossage. A landline call I was once on literally cut out all of a sudden to a stranger's clear-as-day and completely mundane phone conversation. I can understand why this was very upsetting, but I'm not sure I would assume you were intentionally hacked.
posted by threeants at 2:44 PM on July 17, 2015 [3 favorites]
posted by threeants at 2:44 PM on July 17, 2015 [3 favorites]
I'm looking for answers as to how I can legally go after whomever did this.
Realistically? You can't. The police don't even have the expertise or the resources to catch all the internet harassers who are swatting, or threatening rape, or threatening violence in targeted attacks, so they won't be able to help you with this. Maybe if it was a repeated thing, and if there was a threat of violence, and if you had connection logs, and you had the expertise to walk them through the connection logs.
If it makes you feel any better, this was most likely due to an unpatched flaw that was found in a random scan-- in other words, you weren't targeted. It's like getting your car vandalized in a parking lot-- it sucks and it feels violating, but at leasts someone isn't targeting you specifically, and they probably don't know where you live.
Even though you unplugged the camera already, you may want to go through some of my previous suggestions for making sure your overall wireless network is locked down.
posted by bluecore at 3:29 PM on July 17, 2015 [8 favorites]
Realistically? You can't. The police don't even have the expertise or the resources to catch all the internet harassers who are swatting, or threatening rape, or threatening violence in targeted attacks, so they won't be able to help you with this. Maybe if it was a repeated thing, and if there was a threat of violence, and if you had connection logs, and you had the expertise to walk them through the connection logs.
If it makes you feel any better, this was most likely due to an unpatched flaw that was found in a random scan-- in other words, you weren't targeted. It's like getting your car vandalized in a parking lot-- it sucks and it feels violating, but at leasts someone isn't targeting you specifically, and they probably don't know where you live.
Even though you unplugged the camera already, you may want to go through some of my previous suggestions for making sure your overall wireless network is locked down.
posted by bluecore at 3:29 PM on July 17, 2015 [8 favorites]
I agree with nearly all of what bluecore wrote, except that the most likely cause was Foscam cameras shipping with a default username of 'admin' and no password at all. I suggest you grab the user manual, and read through the parts that talk about security and setting a password on the device.
posted by whisk(e)y neat at 9:01 PM on July 17, 2015
posted by whisk(e)y neat at 9:01 PM on July 17, 2015
Set it back up, all Foscam cameras have a log. Put the camera in another room. Occasionally check the log. You'll find someone accessing it from outside the network eventually. Contact your local SVU with the info.
However, having had experience with several of the cameras, I'd really suggest reading the manual as if you didn't bother to change the login name and password anyone could connect to it with no issues. Seriously. There're hundreds of Foscams you can locate that nobody bothered to secure.
As for the people saying "lines crossed", these are not lines, they are directed secured TCP/IP streams. The chance you could misdirect a packet, let along a series of packets that would transmit voice, and it would be accepted are into the billion trillion to one range. Not going to happen.
Also, keep in mind Foscam just is a US reseller of a product made by another company. I've contacted them many times for support and they're abysmal, even when you're not dealing with a potential sexual predator. They sell a product, if the camera is physically broken they can help, if you're trying to do anything other than set it up, they're useless.
When you plug a camera that can be accessed anywhere in the world by your phone into your kid's bedroom, be prepared when someone anywhere in the world connects to it because you didn't change the password or used an incredibly easy to use password.
There was one firmware I've seen of theirs int he past four years that was hackable, but everything else has been people not changing the default password.
posted by MildlyDisturbed at 10:38 PM on July 17, 2015 [3 favorites]
However, having had experience with several of the cameras, I'd really suggest reading the manual as if you didn't bother to change the login name and password anyone could connect to it with no issues. Seriously. There're hundreds of Foscams you can locate that nobody bothered to secure.
As for the people saying "lines crossed", these are not lines, they are directed secured TCP/IP streams. The chance you could misdirect a packet, let along a series of packets that would transmit voice, and it would be accepted are into the billion trillion to one range. Not going to happen.
Also, keep in mind Foscam just is a US reseller of a product made by another company. I've contacted them many times for support and they're abysmal, even when you're not dealing with a potential sexual predator. They sell a product, if the camera is physically broken they can help, if you're trying to do anything other than set it up, they're useless.
When you plug a camera that can be accessed anywhere in the world by your phone into your kid's bedroom, be prepared when someone anywhere in the world connects to it because you didn't change the password or used an incredibly easy to use password.
There was one firmware I've seen of theirs int he past four years that was hackable, but everything else has been people not changing the default password.
posted by MildlyDisturbed at 10:38 PM on July 17, 2015 [3 favorites]
Best answer: Yeah, sorry because this sucks, but to piggyback on what everyone else is saying, there is nothing you can do legally*
Here's an analogy. Say you grew up in the country, you're used to not locking your door, and suddenly you move to Chicago. One day, you come downstairs and someone is in your living room because you didn't lock your doors. Sure, you can file a police report, but the only solution is to start locking your damned doors.
I recommend chalking this up to a lesson learned.
*Yes, you could do logs, run traces, and basically reverse hack whoever did this to find out who they are and give that name to law enforcement (and even then, likely, nothing would happen). But by the fundamental fact that you are asking this question, I assume you don't know how to do that.
posted by special agent conrad uno at 10:11 AM on July 18, 2015
Here's an analogy. Say you grew up in the country, you're used to not locking your door, and suddenly you move to Chicago. One day, you come downstairs and someone is in your living room because you didn't lock your doors. Sure, you can file a police report, but the only solution is to start locking your damned doors.
I recommend chalking this up to a lesson learned.
*Yes, you could do logs, run traces, and basically reverse hack whoever did this to find out who they are and give that name to law enforcement (and even then, likely, nothing would happen). But by the fundamental fact that you are asking this question, I assume you don't know how to do that.
posted by special agent conrad uno at 10:11 AM on July 18, 2015
« Older How do I get a job as a programming teacher in a... | Recommendations for an answering service for a... Newer »
This thread is closed to new comments.
The manufacturers are supposed to certify non-interference, but this is not always done.
posted by megatherium at 4:30 AM on July 17, 2015 [2 favorites]