ILLINOIS — They are supposed to be devices in your home or office to protect you. Devices to keep you and your family safe. Buying a home security camera is a big decision. After all, there are very few things more important than safety and today, it has never been easier to keep an eye on your home thanks to a wave of connected home security cameras.
These streaming video cameras connect to your home WiFi network to send alerts, video clips, and live video feeds to your smartphone, allowing you to monitor activity while you’re away. But what if the bad guys are watching you?
The Sud family of Lake Barrington, Illinois said they began to hear voices in their home Sunday Jan. 20 evening, first from the bedroom and then downstairs in the kitchen. The family had just finished getting their 7-month-old child ready for bed when they were presented with the scare, according to accounts given to local news outlets CBS Chicago and NBC 5.
“As I approached the baby’s room and stood outside, I was shocked to hear a deep, manly voice talking to my 7-month-old son,” Arjun Sud said. “My blood ran cold.”
Arjun Sud was standing outside his son Oliver’s Door Sunday when he heard that voice. He burst in. The voice stopped. He and his wife chalked it up to baby monitorinterference. But once downstairs, they heard the voice again. The family bought their security system to make them feel safe.
Yet, here was an intruder talking to them through their Nest security camera, using obscenities including the ‘N’ word.
“Asking me, you know, why I’m looking at him because he saw obviously that I was looking back and continuing to taunt me,” he said.
“It was terrifying,” Sud’s wife Jessica said.
Sud says once his shock subsided he composed himself enough to record part of the ominous exchange.[srizonfbvidsingle id=10155699882826923]
Sud believes the hacker also turned their upstairs thermostat to 90 degrees. He noticed that potential danger to their baby the same night.
“And then they messed with our thermostat,” Jessica said. “Who does that?”
The Suds unplugged their interior cameras, called police and then Nest itself.
“And then they said, ‘Well, you should have used a unique password and two-factor authentication, and if you did, you know, that would be that,’” Sud said.
Sud’s been using Nest for years, sinking thousands of dollars into the system to help secure his home. He now question’s Nest’s security.
“And that why when I called Nest, and I said, ‘How long has this been going on for? How long has someone kind of been watching us?’ ‘We don’t know. We can’t tell you. We don’t have the logs,’” Sud said.
It’s extremely disturbing, he says, considering there are cameras all over their home with no indication someone outside might be watching — except on two cameras where a blue light clicks on when someone talks.
“Until they actually communicate with you, they could be in here, watching as we are doing right now, and there is no difference. You can’t tell,” Sud said.
He says his trust in Nest is shattered. He wants to return the system.
The Sud family story is not unique.
In December of 2018 a man’s voice came through a Nest camera of Houston mother Ellen Rigney just before midnight saying, “I’m going to kidnap your baby. I’m in your baby’s room,” Rigney told NBC affiliate KPRC in Houston.
Rigney and her husband dashed in to check in on their 4-month-old, Topper, who they keep an eye on overnight with a Nest cam that doubles as a baby monitor. They found Topper sleeping peacefully in his crib, alone in his nursery.
Gabby Nader, a mother of three, “literally ripped” a Nest camera out of her nearly 2-year-old’s room in Upper Makefield, Pennsylvania, after the little girl pointed at the device and said a man had been talking to her through it, Nader told NBC News.
In October 2018, Alexandra, a mother of two from Tenafly, New Jersey, who asked to be identified by first-name only due to privacy concerns after her family’s experience, said what sounded like a group of teenagers started speaking through the camera, which she keeps in the living room to check in on her two young kids and their nanny.
“It was around 1 a.m. and my husband heard voices talking through the camera. They could see him and they started cursing at him,” she said.
“We felt unsafe, unsecure,” she said. “You never know who the heck is watching your kids and your house.”
The hacks exemplify the growing risks faced by consumers who are putting more internet-connected devices in their homes. A survey from March found that a third of U.S. consumers own two or more so-called smart home devices.
The Nest hacks also point to an emerging strategy from malicious hackers called “credential stuffing,” in which usernames and passwords from previous data breaches are used to access otherwise secure systems.
Headlines dating back at least five years have documented other instances of hackers accessing wifi baby monitors, but a recent rash of hacks have brought renewed attention to the issue.
A spokesperson for Google, the parent company of Nest, sent CBS 2 the following statement:
“Nest was not breached. These recent reports are based on customers using compromised passwords (exposed through breaches on other websites). In nearly all cases, two-factor verification eliminates this type of security risk. We take security in the home extremely seriously, and we’re actively introducing features that will reject compromised passwords, allow customers to monitor access to their accounts and track external entities that abuse credentials.”
Nest later told NBC News that the company is now preventing users from setting up accounts using old passwords that could be found in previous data breaches.
Earlier in December, Arizona real estate agent Andy Gregg experienced a similar but far less nefarious Nest hack. A person who identified himself as a “white hat” — a friendly hacker who exposes security vulnerabilities so that they can be patched — began speaking to Gregg through his Nest cam, informing him he should take security precautions such as setting up two-factor authentication because “there’s so many malicious things someone could do with this.”
Gregg was able to record video of the interaction with the hacker, Hank Fordham — whom Gregg put in touch with NBC News.
“The method that we use here isn’t particularly sophisticated, and that’s the big problem,” said Fordham, an independent security researcher.
Fordham said he was able to hack Gregg’s camera using credential stuffing. In that method, easily accessible databases of usernames and passwords from previous data breaches are put into an automated system to look for accounts that reuse their credentials.
Fordham said credential stuffing has grown in popularity in hacking circles, leading him to look for ways to bring it to the public’s attention.
How to Tell If Your Security Camera Has Been Hacked
Even if a Nest Cam has been compromised, it’s not necessary to trash it, experts say. Cybersecurity experts confirmed that Nest had not been breached.
“They didn’t actually hack Nest. They used somebody’s password from something else that they were able to get into,” said David Kennedy, CEO of TrustedSec and Binary Defense, security consulting firms that work with large companies worldwide to protect them against hackers.
Nests are “absolutely” among the highest-security home automation platforms, and the company was not at fault here, according to Adwait Nadkarni, an assistant professor of computer science at the College of William & Mary who in December co-authored a study on the security of the Nest and Philips SmartHue, a competing smart home system. These incidents, he said, illustrate that even secure systems can be at risk due to previous data breaches and the propensity of people to reuse passwords.
That combination makes the broader “Internet of Things” in homes — a web-connected toaster, a smart light bulb that you can dim on schedule remotely — a growing source of concern, particularly since a breach in one connected device can potentially give hackers a ladder of items to gain access to other devices.
“We’re involving these devices in really complex values in our home,” he said. “We’re integrating these devices in sort of a chain that helps us essentially completely automate our home, and it’s really hard to say how secure our home may be. There’s no real data.”
How to Find Out If Your Security Camera Has Been Hacked
Your security cameras can be hacked in several ways. Lack of elementary security features, using default settings and simple passwords, and security camera hack apps all result in cameras and baby monitors, webcams getting hacked.
Unfortunately, it’s not always possible to know if your home video surveillance camera, webcam have been in the unsecured IP camera list.
Pay attention to the 6 telltale signs, and check if your security camera is hacked.
1. Check Out Strange Noises from Your IP Camera, Baby Monitor
Signs that your IP camera has been hacked can mostly be difficult to detect. But there is an obvious one. If you hear a strange voice coming from your security camera, no doubt that your security camera has been hijacked, and someone is spying on your through the camera.
Baby monitor hacked news and videos show that hackers interact with your kids through the hacked security camera remotely, listen to your conversations, and more. Terrifying, isn’t it?
2. See If Your Security Camera Rotates Abnormally
If you find out that your home security camera is following your movement, your camera has more than likely been hacked. Someone hacks your pan-tilt camera and control over it on his side. Your hacked security camera or baby monitor may rotate by itself, or point to a different position than usual.
3. Check If the Security Settings Have Been Changed
How do you see if your surveillance camera has been hacked?
It is a necessary step to check if the security settings have been changed and password has been set to default. The person hacks into your security camera may leave some information on the settings. There are some pride security camera hackers who even change the camera names to something like “Upgrade Firmware”to show off their hacking talents.
4. Find Out If There’s a Blinking LED Light
You can also check if your webcam security camera has been hacked by a randomly blinking LED light.
If you see that the LED light is blinking randomly, your security camera is probably being hacked. In that case, reboot your computer. If the light flashes again after 10 minutes or so, open up your Task Manager, click on the “processes” tab and search for “winlogon.exe.” Upon doing that, if you see more than one copy of the program, disconnect your computer from the Internet and use an anti-virus program to run a full system scan to ensure your computer has not been infected with a Trojan.
5. Pay Attention to an Illuminated LED Light
If you notice that the LED light is turned on, but you didn’t enable it, that’s a telltale sign that your security camera has been hacked and accessed.
When someone hacks your security camera, they have the ability to control it, which includes turning it on and off. If that LED light is on and you know for sure you haven’t turned your camera on, follow the steps above to tell whether your security system has been hacked or not.
6. Check the Data Flow of Your Security Camera
How can you detect if your security camera has been hacked? You can also track the data flow on your network, and on your video surveillance camera. Pay special attention to sudden spikes in your network traffic, which reveals something unusual invalid login in your video feed.
How to Prevent Your Security Cameras from Being Hacked
No signs of your security camera getting hacked are found? That’s good news. Have confirmed some hacked security cameras in your home? It’s good to find out too!
In fact, there are many things you can and should do initiatively to prevent your security cameras from being hacked, or being hacked again in the future.
And the following 5 tips are what suggested most by the security expert, Daniel, who had more than 5 years experience in dealing with security camera hacking issues:
1. Buy Security Cameras with Advanced Encryption
In order to keep yourself, your loved ones and your valuables from prying eyes, it is essential to pick out a security camera from a trusted source.
If a security camera is produced without necessary security encryption features, it can be easily hacked even if you’ve secured your passwords, the router, or anything else mentioned to prevent your security cameras from being hacked.
And the best scenario is to get an IP camera that enables all the advanced security features, including SSL/TLS encryption, WPA2-AES encryption, which keep most of the CCTV camera hackers away.
2. Secure Your Security Camera Passwords
Security cameras with default passwords and username have much higher chances of getting hacked. Do you know that most security cameras hacked websites just ping every device on the net and try if one of common default passwords works?
So don’t let your security cameras fall into this simple trap.
Make sure you use a powerful password that would be difficult for someone to figure out. For example, use the password that is 6 characters or longer with a combination of lower-case and upper-case letters, as well as numbers and special characters. Also, make sure you change the password frequently.
3. Secure the Home Network Router
Sometimes, your security camera just gets hacked by chance. For example, your neighbor may access your router for free Internet, and hack your CCTV camera by accident. So if you use WiFi for your security system, remember to keep it protected with a powerful password as well.
Another pro tip to secure your security camera from hacking is to build a subnet for your home security camera system with an NVR.
Once you connected the cameras to the NVR (network video recorder), the cameras will record and save to the NVR without accessing your home router network. No one can hack into the private camera subnet.
4. Limit Devices to Access Your Home Network
Limit the number of devices that can be used to access your security system, making sure your personal laptop, smartphone and desktop are the only devices that can login to the system. You may use a virtual private network (VPN) to regulate which of your devices will be able to access the network to prevent possible hackers.
5. Upgrade CCTV Camera Firmware
Check fixes and improvements of your security camera firmware upgrade. Download the latest firmware to fix some bugs and keep up-to-date features.
There is usually a page that provides the firmware download links, so you can always find the latest versions available and get your camera protected. Don’t buy those cheap cameras without technical support to update the firmware regularly.
6. Install Firewalls and Antivirus Software
The firewalls help protect your security camera against hacking, and the antivirus software help protects it against viruses and malware, like the online security cameras hacking software.
What to Do If Security Camera Has Been Hacked
So what should you do if your security cameras are hacked, unfortunately?
Check the 5 essentials above to see if there is anything you have missed, which gives the hacker chances to access and hack your security cameras:
- Is your hacked security camera featured with necessary encryption?
- Have you changed the security camera default password?
- Have you secured your home router with a stronger password and/or VPN?
- Have you installed the latest firmware before your security camera get hacked?
If your answer is YES to all the above questions, report your problems to the security camera manufacturer immediately so that they can correct the problem and secure the vulnerability.
Why Security Cameras Are Hacked
It’s important to be aware of why and how your security camera can be hacked, so that you can better protect the surveillance systems from prying eyes.
As for the reasons for home security cameras being hacked, some are after the private information of others, some may be indulging in watching hacked security cameras, and some proud hackers are just hacking for fun.
How Do Security Cameras Get Hacked
How are security cameras hacked? Generally, you CCTV cameras can be hacked either locally or remotely.
1. Local Hacks
“The router and modem have also been used to gain access to my network and my CCTV cameras were to be the victims.”
Like the OP says, the hacker obtains access to the wireless network and hacks the security camera attached to it. They may simply try some common default passwords to it, or spoof the wireless network and jam the actual one with some network tricks.
Many wireless security cameras get hacked this way.
2. Remote Hacks
This happens when the camera transmits videos over the Internet. Security camera hackers may take the advantage of the data breach or unsecured passwords to hack into security cameras.
That’s why many security cameras live get hacked. And that’s why the wired security cameras can also be hacked.