The Terrifying Search Engine That Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors And Power Plants

Marc Gilbert got a horrible surprise from a stranger on his 34th birthday in August. After the celebration had died down, the Houston resident heard an unfamiliar voice coming from his daughter’s room; the person was telling his sleeping 2-year-old, “Wake up, you little slut.” When Gilbert rushed in, he discovered the voice was coming from his baby monitor and that whoever had taken control of it was also able to manipulate the camera. Gilbert immediately unplugged the monitor but not before the hacker had a chance to call him a moron.

The monitor, made by Foscam of Shenzhen, China, lets users monitor audio and video over the Internet from anywhere in the world. Months earlier security researchers had discovered software flaws in the product that allowed attackers to take control of the monitor remotely or to sign into its stream if they used the user name “admin.” Foscam had quietly come up with a fix the month before but had not pushed it out to its users. When Gilbert checked his Foscam account, he discovered that the hacker had added his own user name–”Root”–so he could sign in whenever he wanted. Gilbert is now considering a class action against Foscam. He could find other plaintiffs using a search engine called Shodan. It’s likely the tool the pervy hacker used to find him.