• United States



Spooky spying hacks that make homes seem haunted

Oct 28, 20136 mins
Data and Information SecurityMicrosoftSecurity

Here are some of the "scariest" privacy-invading hacks that could creep out and spook a person into wondering if their house is haunted.

Back in the day, 1990s and early 2000s, you didn’t hear too much about remote administration tools (RAT), so victims of early RATs like Back Orifice, Netbus or Sub7 would often freak out when the CD-tray would open or close on its own, music files would play for no reason, emails would be snatched from thin air, or files, icons, the clock and task manager would disappear. One guy was convinced it was poltergeist activity, and plenty of others were spooked by their computers that seemed to be possessed. These days, there are all manner of malicious RATs and, as Ars Technica’s Nate Anderson wrote in an excellent piece, there are cultures of “ratters” posting web cam captures of mostly female “slaves.”

Nowadays, most computing devices come with a webcam, but people can’t assume that cyber-peepers are only watching if the webcam light is on. For example, Miss Teen USA Cassidy Wolf said, “I wasn’t aware that somebody was watching me (on my webcam). The light (on the camera) didn’t even go on, so I had no idea.” Please don’t be another “clueless American” when it comes to webcam hacking. Wisdom suggests covering the webcam with a Post-it or tape at all times unless you are using the cam, but that doesn’t turn off the microphone if some “ratter” or stalker has secretly pwned your laptop or PC.

Have you seen the commercial where the “scared” guys with an iPad keep moving from the kitchen, to a tree house, to under the bed in order to be “safe”? With all the insecure security products, that could about be true. With that in mind, here are some of the “scariest” privacy-invading hacks that could creep out and spook a person.

Surveillance via Smart TVs

Own a smart TV? Let’s hope it’s not in your bedroom. “Do not allow your TV to see your bed,” warned Korea University researcher SeungJin Lee at the Breakpoint security conference. Lee gave a similar warning during his Black Hat presentation, that Smart TVs are the ‘perfect target’ for spying on you. Oh, and whether that TV is in your bedroom, living room or kitchen, don’t assume that just because the LED power light is off that the TV is actually off. Although Lee is not the only researcher warning how easily Samsung Smart TVs can be hacked, Lee said he was still able to spy on people, via their Smart TVs when the TV is “turned off.” He also conducted research on spying via a smartphone, but concluded that “the TV makes a better photographer, although it does not move.”

Remote spying via baby monitors

Although baby monitors are intended to help protect your baby, even babies have become victims of remote voyeurs. Back in August, it was reported that a hacker hijacked a wireless IP camera being used as a baby monitor. He spied on and yelled obscenities at a two-year-old in her crib. When her parents came into the room, the hacker remotely focused the camera on them and then cursed at them as well. Who knows how many times this sort of baby monitor surveillance goes undetected? Last week, a security researcher showed how easy it was to use a WeMo Baby and an iPhone for remote spying and eavesdropping.

Peeping Tom paradise via TRENDnet IP cameras

A full year after the public was warned to update the firmware for TRENDnet streaming IP cameras, all those unpatched cameras still provided a Peeping Tom paradise for armchair voyeurs. Even if you wanted to help people by personally reaching out to each one, it was pretty much impossible to pinpoint who exactly you needed to contact. This fall, the FTC brought the hammer down on TRENDnet for failing to protect consumers’ privacy. Those allegedly “secure” cameras were anything but secure, as faulty software “left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address.” TRENDnet was ordered “to notify customers about the security issues,” and hopefully it will. However, the company previously told me that it had done everything it could; and since not all people registered their IP cameras, not all could be contacted.

Turning surveillance cameras against you

Don’t go thinking your privacy is actually private if you use a different brand of wireless IP surveillance camera. Security researchers showed numerous examples of “turning your surveillance camera against you.” But that’s not just for watching you inside your home, as the web-based interfaces also “easily” lead to an exposure “of sensitive personal information (such as wireless network, FTP, and even email access credentials).” In fact, the “security issues in the embedded web server of the camera themselves are enough to do whatever you/bad guy/Chinese government want.”

In each of the cases above, a victim might not be spooked if he/she is not made aware of the surveillance. If an attacker could start telling you things that happen in the the privacy of your home, things that he/she should have no way of knowing, it’s likely that you would feel violated and be mad as hell, as opposed to feeling “haunted.” But not all hacks are secret surveillance, and some could give the freaky feeling of fear related to things that go bump in the night.

Spooky Smart homes

While there may be a lot of innovation around the Internet of Things, it most assuredly comes with a lot of other vulnerabilities to be exploited as well. Hacking smart homes and the Internet of Things is still in its infancy, yet so far we know network-connected toilets, toys, thermostats, wireless speakers and automated door locks can be exploited.

If an attacker remotely flicks the lights on and off, cranks the thermostat up or down, or keeps opening the “smart” front-door locks, it could freak a person out. While some might consider hacking a ludicrously expensive toilet to be a prank, if an attacker used an app to repeatedly flush the toilet, open and close the lid, or remotely trigger the air-dry function, then the victim might start to think he/she has a poltergeist problem. At the very least, hacking a person’s smart house could make it appear as if it were haunted.

Like this? Here’s more posts:

  • How Microsoft invented, or invisibly runs, almost everything
  • Misery by Microsoft: IE11 mangled Google, Windows RT 8.1 bricked some devices
  • Wireless feature disabled on pacemaker to stop hackers from assassinating Cheney
  • FBStalker and GeoStalker data mining tools can dig into your life
  • Extreme tech for covert audio surveillance
  • Have you protected your privacy by opting out of cross-device ad tracking?
  • Most parents allow unsupervised internet access to children at age 8
  • Not even Microsofties trust Microsoft’s approach to privacy
  • Wham bam thanks for giving up your Facebook and Google privacy, ma’am
  • Chris Hemsworth goes to ‘nerd school’ for hacking in cyber-terrorism thriller ‘Cyber’
  • Ex-NSA chief Michael Hayden got schooled on how much eavesdropping stinks
  • Eavesdropping made easy: Remote spying with WeMo Baby and an iPhone

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.