Abusing the Internet of Things

(Rick Simeone) #1

that the device is connected to the Internet, anyone in the world with access to a computer can potentially launch a targeted eavesdropping attack. In the next few paragraphs, we will discuss a specific incident in which such an attack occurred. We will then take a look at the device used in this attack, exposing its security vulnerabilities. Subsequently, we will pick up on another baby monitor, the Belkin WeMo Baby, dissecting its technical design and discussing potential security improvements.

In August 2013, Mark Gilbert was busy doing dishes in his home when he suddenly heard noises coming from his daughter Allyson’s bedroom while she was sleeping. As Mark and his wife approached Allyson’s room, they heard a stranger shouting expletives at them, calling Mark a “stupid moron” and his wife a “bitch.” Mark noticed the baby monitor, equipped with a video camera, swivel toward him and his wife. At this point, realizing that an intruder had compromised the device, he quickly disconnected it.

Take a moment to consider how severely unnerving this incident was to the Gilbert family. Imagine how invasive it must feel to be winding up the day in a quiet neighborhood and have a complete stranger’s voice shout obscenities out of nowhere in the supposed privacy of your own home. Imagine the shock of having this verbal attack originate from the bedroom of an infant.

At first glance, one might assume that Mark Gilbert chose a weak password for his WiFi network, and perhaps the intruder was within range of his home and guessed it. Or perhaps Mark never changed the default credentials (username: “admin”, password: [blank]), allowing the intruder easy access to the device. However, according to Mark, he had indeed changed the default credentials and secured his WiFi with a strong password.


Foscam Vulnerabilities Exposed by Researchers


A few weeks after the Gilbert incident, security researchers realized that the device in question was manufactured by the company Foscam, whose products security researchers had exposed vulnerabilities in at the Hack in the Box conference just months earlier. Figure 3-1 shows one of the vulnerable Foscam devices in question.


THE FOSCAM INCIDENT 61