The latest baby monitor hacking incident involves a $34 FREDI wireless baby camera monitor. The hacked device was used to spy on a mother and her baby. Hacking IoT baby monitor cameras may not be high on the priority list for most attackers, but that doesn’t mean someone is not getting off on remotely spying on families. That is a lesson learned the hard way by a 24-year-old South Carolina mom who awoke to the baby monitor camera pointed at her. She didn’t think anything of it until the camera moved on its own again to watch the spot where she breastfeeds her infant son.“My son is only 3 months old, and God knows what kind of images and videos out there of both of us and intimate moments,” Jamie Summitt told WCIV. “I feel guilty for not doing enough research on this. I didn’t know this was something I needed to look into. I thought baby monitors were kind of cut and dry. You find a baby monitor, you watch them napping, it was supposed to be a safety thing.”The latest incident involves a $34 FREDI wireless baby camera monitor, which resembled a black-and-white puppy dog. It’s cute, and the warranty information posted on Amazon claims, “NO RISK of PERSONAL INFORMATION” and lifetime technical support. The camera can be controlled via a smartphone app and can turn 360 degrees.“If you have this baby monitor, do yourself a favor and unplug it and throw it away RIGHT now,” Summit wrote on a Facebook post. If you only use the baby monitor while your infant is sleeping, then know that she only used it then, too. Her story unfolds like this: Summit woke up with the baby monitor camera pointed at her, but she thought her husband had used the app to remotely check in on her. But that night, as the baby slept and she and her husband ate supper, her smartphone app let her know the camera was being moved again. It clearly was not her husband moving it.“I looked over on my phone and saw that it was slowly panning over across the room to where our bed was and stopped,” Summitt told NPR. She explained that the camera was pointing to where she breastfed her son several times a day. “The camera paused on the empty bed, then moved back to the bassinet.” If you are not security-focused, then being hacked may not be the first thought to pop into your head. Summit was not the first to jump to a “haunted” conclusion, although she initially believed the app was haunted and not the device. “Honestly, we were naive,” she told NPR. It didn’t take long for the couple to realize that either the device or the app had been hacked and to quickly unplug the baby monitor.While you may be unsurprised by the hack as similar hacks have happened at least dozens of times over the years, she was floored.“I would have never, ever bought something if I thought it was this easy of a security risk,” she added. “When I was making my baby registry, nobody warned me — no other mom said anything. It’s not common knowledge.”“I feel so violated,” she wrote on Facebook. “This person has watched me day in and day out in the most personal and intimate moments between my son and I. I am supposed to be my son’s protector and have failed miserably. I honestly don’t ever want to go back into my own bedroom.”The family said they called the North Charleston Police Department, but by then, when the cop wanted to see what would happen after plugging the monitor back in, the app had locked them out due to “insufficient permission.” Summit told ABC News that she suspects the “hacker ‘heard everything’ and ‘saw the officer.’”No response from camera manufacturerAlthough Summit attempted to contact the manufacturer, she said there was no response. “We called Amazon and reported everything that happened,” she wrote on Facebook. “They then gave us the number and email for the company. The number was out of service and obviously no one has responded to the email.”After learning that, Summit changed the password to a unique password she only used for the baby monitor. Rapid7’s director of research Tod Beardsley said it sounded like “she did all the right things.” It’s been over two years since Rapid7 gave 8 in 10 IoT baby monitors an “F” due to security flaws. Beardsley told NPR that is was “disheartening” that years later baby monitors with easily fixed flaws are still on the market.“The fact that there are still no standards around this is a little depressing,” he said. “It will keep hackers in business for a long time.”While it might be common knowledge to some of us that the internet of insecure things, including baby monitors, have shoddy-to-no security and therefore are easily hacked, this is a good reminder that it’s not common knowledge to everyone. If you see an internet-connected baby monitor listed on the wish list of a baby registry, then sound the alarm and let the parents know risks. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe