Wi-Fi baby monitor hacked: Parents wake up to voice threatening to kidnap their child
A couple in Harris County, Texas, woke up to beeping — and the sound of a person talking through their baby monitor.
The man’s voice repeated “sexual expletives” and when the Ellen and Nathan Rigney turned on the light in their bedroom as they got out of bed, the Wi-Fi-connected baby video monitor turned on.
The voice ordered them to turn the light off and “then [he] said ‘I’m going to kidnap your baby, I’m in your baby’s room,’” Ellen Rigney told KRPC News.
“It was the most frightening. — It’s a voice that I will never forget.”
Nathan went upstairs to investigate — but no one was in the room.
“I kept telling him, I was like, ‘He’s not in here, somebody’s hacking this.'” Ellen said.
The couple turned off the cameras — and their Wi-Fi — and reported the incident to the police, who are investigating the incident.
The Wi-Fi camera, sold by Nest, has a phone or tablet app that lets parents watch and listen from their devices.
The couple contacted Nest, but said the company was of no help.
“[It’s] unnerving and unsettling,” Ellen said. “You have something that is supposed to make you feel better and instead it makes you feel the opposite. It makes you feel invaded and uncomfortable.”’
WATCH: How to prevent baby monitors from being hacked (2015)
In a statement to KRPC, Nest said there were instances where customers were hacked due to leaked or unsecured passwords.
“We have seen instances where customers reused passwords that were previously exposed through breaches on other websites and published publicly,” the statement said.
“We are now also rolling out changes to proactively prevent customers from using a password compromised in a public breach as their Nest password.”
Ann Cavoukian, Ontario’s former privacy commissioner and expert-in-residence at Ryerson’s Privacy by Design Centre of Excellence, said Wi-Fi-connected devices are often easy targets.
“That’s the problem with these devices,” Cavoukian said. “A lot of times on connected devices, the security on them is not particularly strong and have allowed third parties, hackers… to intercept the devices.”
She also said the devices rely on the users to manage their own security, but not everyone has put on a strong password or “even taken the basic measures which they should do to strengthen the security of the devices.”
She urged parents and consumers of all Wi-Fi-connected devices to use strong passwords.
It’s not the first time Nest’s cameras have been targeted: in another instance this month, a man — claiming to be a security researcher from Canada — started speaking to through a Phoenix system. The man said he wanted to notify the resident before someone could do something malicious, the Arizona Republic reported.
And it’s not limited to just Nest, CBS reported in June a woman in South Carolina noticed her baby camera moving on its own.
Global News has previously reported about Canadian security cameras that were livestreamed to a Moscow-based site, Insecam.org. The website explained that it used the factory-default passwords to access them.
In an article titled “How to make your baby cam more secure,” tech magazine Wired offered tips to parents including using a secure password — “something that isn’t “1111111” or “iloveyousweeties,” it reads.
It also warns people to update the camera’s firmware routinely and to use WPA2 encryption on your Wi-Fi network.
“Anything that you can engage in terms of encryption, people should engage,” she said.
“Encryption is your strongest strength because if you do have hackers, they’ll see encryption and they’ll go somewhere else because you’re not an easy target anymore.”
Nest also recommended using two-factor authentication for their apps.
© 2018 Global News, a division of Corus Entertainment Inc.