Abusing the Internet of Things

(Rick Simeone) #1

FIGURE 3-1. Foscam baby monitor


According to the researchers, an attacker who is able to determine the IP address of the
baby monitor can simply browse to the following URL to download the entire memory of the
device:


http://[IP Address]/proc/kcore

Having gained access to the kcore file, the attacker can simply open it in a hex editor to
obtain the username and password. Armed with these credentials, the attacker can control the
camera. It is quite probable that the intruder in the Gilbert case abused this vulnerability.
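As an added illustration (not from the book), the defender's side of the same flaw: a check that scans combined-format HTTP access logs for requests reaching into /proc, including encoded and traversal variants of the /proc/kcore path. It assumes the camera's requests are visible in such a log (on the device or on a gateway in front of it); the log lines below are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit
from posixpath import normpath

# Apache/nginx "combined" access-log format (constructed sample lines below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Nothing under /proc should ever be reachable through a device's web server.
SENSITIVE_PREFIXES = ("/proc/",)

def normalize_path(target):
    """Strip the query string, URL-decode twice (catches double encoding),
    and collapse ../ segments so disguised paths compare against /proc/ cleanly."""
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    # lstrip avoids posixpath keeping a leading '//' as a special prefix
    return normpath("/" + path.lstrip("/"))

def is_kernel_memory_read(target):
    """True if the request path resolves to /proc/kcore or anything else under /proc."""
    return normalize_path(target).startswith(SENSITIVE_PREFIXES)

def scan_access_log(lines):
    """Return (client ip, normalized path, status) for every request into /proc.
    A 200 means the device actually served the file, i.e. the dump succeeded."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_kernel_memory_read(m["target"]):
            hits.append((m["ip"], normalize_path(m["target"]), int(m["status"])))
    return hits

# Constructed sample log: one plain kcore read, one benign request,
# one traversal attempt that failed, one double-encoded read of /proc/cmdline.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2015:02:14:03 +0000] "GET /proc/kcore HTTP/1.1" 200 268435456',
    '198.51.100.4 - - [10/Jan/2015:02:14:09 +0000] "GET /index.htm HTTP/1.1" 200 1432',
    '203.0.113.7 - - [10/Jan/2015:02:15:11 +0000] "GET /cgi-bin/..%2F..%2Fproc%2Fkcore HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Jan/2015:02:15:40 +0000] "GET /%252Fproc%252Fcmdline?x=1 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for ip, path, status in scan_access_log(SAMPLE_LOG):
        print(f"{ip} requested {path} -> HTTP {status}")
```

Any hit with a 200 status is the signal that credentials in the device's memory should be treated as compromised and rotated.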


Using Shodan to Find Baby Monitors Exposed on the Internet


The question at hand is how a potential intruder can locate a specific baby monitor that is
exposed on the Internet. After all, there are probably billions of devices on the Internet, and
that number is growing. One possibility is using the search engine Shodan, which can be
used to easily locate all sorts of devices connected to the Internet. Shown in Figure 3-2, Shodan
lets you find routers, servers, and a range of devices connected to the Internet using a


62  CHAPTER 3: ASSAULTING THE RADIO NURSE—BREACHING BABY MONITORS AND ONE OTHER THING
