Well that's certainly a reassuring image to lead the article off with.
posted by rewil at 12:28 PM on January 19, 2016 [1 favorite]

...remind me again why the Internet of Things is supposed to be so great?
posted by NoxAeternum at 12:33 PM on January 19, 2016 [32 favorites]

It is truly an Internet of Shit.
posted by graymouser at 12:33 PM on January 19, 2016 [16 favorites]

Well that guy who hacked into the baby monitor seems to be enjoying it.
posted by Elementary Penguin at 12:34 PM on January 19, 2016 [6 favorites]

What's with this weird linkbaity not-a-real-news-organization "San Francisco Globe"?
posted by zachlipton at 12:34 PM on January 19, 2016 [34 favorites]

Non-wifi monitors can also very easily be "hacked" in that they're operating on public frequencies unencrypted just like a two-way radio.

This story is less a creepy (the peeper's actions are less creepy, at least) take on monitor peeping.
posted by that girl at 12:34 PM on January 19, 2016

When babyozzy was born and we were in the months-long state of twilight consciousness, we cooked up an elaborate horror movie that hinged primarily on baby-anxiety popout scares: in one, a baby's swaddle is undone to reveal, instead of a squirming pink infant, an impossibly-large mass of writhing snakes and spiders; in another, the sound of soft singing comes over a baby monitor, and the screen reveals a creepy old lady rocking with the baby (but of course she's not there when they run into the room to check).
posted by uncleozzy at 12:35 PM on January 19, 2016 [31 favorites]

The kid's firmware is probably corrupted now. It's tragic.
posted by thelonius at 12:36 PM on January 19, 2016 [20 favorites]

Yeah, you really need to check the security on these things. You can search on Shodan and find lots of baby monitors and home security cameras that are public by default.

And the owners don't even know it — and unless they registered with the company after buying the device (very unlikely), the company has no way to alert them or, often, to push updates to the device! Jesus Christ!
posted by BlackLeotardFront at 12:36 PM on January 19, 2016 [5 favorites]

Non-wifi monitors can also very easily be "hacked" in that they're operating on public frequencies unencrypted just like a two-way radio.

Well yes, but then you only have to worry about the creepy fucking idiots on a relatively local scale.
posted by Dr Dracator at 12:36 PM on January 19, 2016 [7 favorites]

Fox19 cites a solutions expert named Dave Hatter, who suggests changing both the Wi-Fi password and monitor's camera password to two different codes, as well as installing any device updates available.

... solutions expert? Could you pick a less descriptive job title?

Anyway it's all moot. These shitty devices are probably managing to expose themselves to the internet at large, it's not someone wardriving the wifi, it's someone logging in after finding it exposed on Shodan.

on preview, jinx
posted by BungaDunga at 12:37 PM on January 19, 2016

If I had kids who still used a baby monitor, I think I would show my wife that bugs everywhere post first.
posted by Nanukthedog at 12:39 PM on January 19, 2016 [5 favorites]

Non-wifi monitors can also very easily be "hacked" in that they're operating on public frequencies unencrypted just like a two-way radio.

Yeah, the last time I encountered a baby monitor the biggest concern was someone parked outside being able to listen in if they were tuned to the right frequency.
posted by ChurchHatesTucker at 12:40 PM on January 19, 2016 [3 favorites]

... solutions expert? Could you pick a less descriptive job title?

I Provide Office Solutions
posted by leotrotsky at 12:45 PM on January 19, 2016 [1 favorite]

I'm skeptical that this happened as described. Sure, monitors can be hacked. So can an ATM machine. So can your laptop at Starbucks.

But the breathless, "wake up little baby" story? There are creeps out there, but not supervillains.
posted by Cool Papa Bell at 12:46 PM on January 19, 2016 [5 favorites]

Many years ago - like 17-ish - I used to have a wireless analog baby monitor that would pick up cordless phone calls from one of my neighbours. Every so often the parental part of the monitor would start broadcasting half of the conversation. Presumably it was half-duplex using two separate channels, one for each side of the conversation.

Anyway, baby monitors, they ain't secure. And I'm not sure if I even like the idea of using a speaker to talk to my kid remotely. It's not that much less creepy if it's the parent doing it IMO.
posted by GuyZero at 12:47 PM on January 19, 2016 [5 favorites]

...the biggest concern was someone parked outside being able to listen in if they were tuned to the right frequency.

I had this once in an old apartment -- some guy's cell phone signal went direct to my teevee. Just his side of the conversation. It was hours and hours of entertainment -- I'd call a friend up (land line, of course), and we'd listen in on this guy, who was obviously cheating on his girlfriend, and feeding her all kinds of stories, night after night, and we were all "Is she buying this?", and oh, how we laughed.

In retrospect, it probably wasn't all that funny.

And baby monitors, now that's just creepy.
posted by Capt. Renault at 12:48 PM on January 19, 2016 [7 favorites]

The kid's firmware is probably corrupted now. It's tragic.

Unplug and plug back in.
posted by Fizz at 12:53 PM on January 19, 2016 [4 favorites]

And I'm not sure if I even like the idea of using a speaker to talk to my kid remotely.

Right? It seems pretty weird to me. We have a non-connected, non-fancy 2.4GHz monitor. The worst thing anybody would see is me staggering in at 3am to explain that no, we can't read a book because it's the middle of the fucking night.
posted by uncleozzy at 12:55 PM on January 19, 2016 [2 favorites]

Well yes, but then you only have to worry about the creepy fucking idiots on a relatively local scale.

Oh sure. It is a lot more relevant in denser areas of the universe, where more people live in apartment complexes.
posted by that girl at 12:57 PM on January 19, 2016 [1 favorite]

What's with this weird linkbaity not-a-real-news-organization "San Francisco Globe"?

yeah, I went to their About page and they're some students/recent grads "disrupting" newspapers with clickbaity stuff.

I don't really buy this story.
posted by sweetkid at 12:59 PM on January 19, 2016 [4 favorites]

Well yes, but then you only have to worry about the creepy fucking idiots on a relatively local scale.

And in my neighborhood that guy is me, so no worries on my end.
posted by Alvy Ampersand at 1:01 PM on January 19, 2016 [12 favorites]

We have a boring, transmit only, audio only monitor. If anyone else wanted to listen to my daughter cry/whine for absolutely no reason between 1:30 and 2:30 this morning, they would have been welcome to do so.
posted by rockindata at 1:01 PM on January 19, 2016 [24 favorites]

Well it looks like the SF Globe folks just rewrote a story actual news organizations ran like nine months ago. It seems this is their MO; many of their most recent stories are rewrites of stories from last year or older.

I could believe this story happened I guess, but SF Globe is clickbait trash and shouldn't be considered.
posted by zachlipton at 1:02 PM on January 19, 2016 [3 favorites]

...remind me again why the Internet of Things is supposed to be so great?

Long before the internet, let alone the Internet of Things, my friends in the phone company would tell me about their friends at the phone company, who worked at night keeping the massive mechanical relay-based phone switching equipment in order, and who would randomly plug into phone calls until they found a couple having phone sex, and broadcast the conversation on the speaker system to entertain the maintenance crew. This was in, oh, 1972. And of course the Victorians had peepholes and the like. Nothing new under the sun.
posted by beagle at 1:02 PM on January 19, 2016 [14 favorites]

From the About SFG page:

"Traditionally, news has been controlled in the hands of a few: trained editors and writers at established media houses. We believe the Internet and mobile technology are changing all of that. The onset of YouTube and other sites have enabled the democratization of content. "

" Although we mercilessly seek efficiency through automating tasks that humans should never have to do, we avoid using software to interfere with tasks that humans should always be involved with. We are data-driven, results-oriented, and meritocratic. We don't like the status quo. We also like having fun with each other from murder mystery nights to happy hours to weekend trips. "

Euuughhhhhhhhhhhh. Trawling through some of their things it's a perfect example of clickbait. They've made a clickbait 101 site but they have an app, so that's great.
posted by Neronomius at 1:08 PM on January 19, 2016 [12 favorites]

Capt. Renault: In retrospect, it probably wasn't all that funny.

It reminds me of the "Shut Up, Little Man!" people. On the one hand, yes, it seems a bit invasive. On the other, it's not like you really went out of your way to wiretap these people (I'm guessing that by "cell phone" you mean cordless phone--it's not supposed to be possible with cell phones, AFAIK--because the older ones did indeed have an unencrypted signal; I seem to remember a story (can't even remember what medium it was in) about a kid who could use a scanner to pick them up from around the neighborhood). And it's really alarming when the couple next door has a fight (I've called the cops when it was obvious the fight had gotten physical) and irritating when they're playing their music or fucking loudly late at night.
posted by Halloween Jack at 1:11 PM on January 19, 2016 [1 favorite]

Back in the 1980's and 90's, I could hear phone conversations on my teevee if I tuned the UHF knob right. Sometimes only one side of the conversation, sometimes both. Entertainment in the days before internet and cable.
posted by fimbulvetr at 1:14 PM on January 19, 2016 [2 favorites]

We have used a wifi camera to keep an eye on our little one and it has bought us great satisfaction and happiness. I would not intentionally use a weakly secured one, but the value of the camera is very high for our family. I'm willing to risk the outside chance of a hack for the considerable amount of value we get for it.
posted by Bovine Love at 1:14 PM on January 19, 2016

Basically all of your IoT shit is like this. Manufacturers are people who don't give a damn about anything except rushing some cheesy piece of electronic crap to market so they can foist it on people who don't know any better.
posted by quonsar II: smock fishpants and the temple of foon at 1:14 PM on January 19, 2016 [7 favorites]

I had this once in an old apartment -- some guy's cell phone signal went direct to my teevee. Just his side of the conversation. It was hours and hours of entertainment -- I'd call a friend up (land line, of course), and we'd listen in on this guy, who was obviously cheating on his girlfriend, and feeding her all kinds of stories, night after night, and we were all "Is she buying this?", and oh, how we laughed.

At one of my old theater companies, we were in the market for a cheap two-way radio system that would have allowed the stage manager (me) to talk to the crew backstage (I was stationed in a catwalk high above the stage, and the only other way to talk to them would have required my leaving my catwalk and actually physically crossing the stage itself).

We bought one, and the director and I took up our posts so we could test it - he stayed behind backstage, and I climbed up to the booth on the catwalk, turned it on and tried talking to him. He didn't respond. I tried hailing him a couple more times, then climbed down from the catwalk and crossed the stage, trying to hail him the whole way. When I finally got to where he was backstage, I found him listening to the headset in fascination - he said that he didn't hear me, but that he was somehow picking up someone else's cell phone conversation, which he claimed was about "midget nuns in the Vatican."

I begged him to keep them for entertainment value, but he returned them nevertheless.
posted by EmpressCallipygos at 1:14 PM on January 19, 2016 [3 favorites]

What a dreadful site. 40 lines of text and a gigabyte of junk.
posted by StephenB at 1:17 PM on January 19, 2016 [4 favorites]

Robin Rimbaud aka Scanner started releasing ambient music in the 1990s which included intercepted cellphone and police radio communications. (commented Previously)
posted by larrybob at 1:28 PM on January 19, 2016 [1 favorite]

Manufacturers are people who don't give a damn about anything except rushing some cheesy piece of electronic crap to market so they can foist it on people who don't know any better.

Well, to be fair, security is hard.
posted by GuyZero at 1:36 PM on January 19, 2016 [1 favorite]

Here's a presentation/analysis of IoT baby monitor security: "The Hand That Rocks the Cradle: Hacking IoT Baby Monitors". Slide 54 has a chart showing the vulnerabilities found in the 9 models they checked, which include

• HTTP API over LAN connections (6)
• HTTP API over internet connections (5)
• Remote shell (5)
• Hidden accounts (9)
• Known vulnerabilities in OS/libraries (5)
• UART access (9)
• Unencrypted streams (8)

Using a scoring system, they give every monitor a security grade of F, except for the iBaby M3S, which gets a D.

(Slide 60 has a photo of a t-shirt that says "Until we fix our connected homes, hackers will keep screaming at babies")
posted by jjwiseman at 1:37 PM on January 19, 2016 [13 favorites]

Euuughhhhhhhhhhhh. Trawling through some of their things it's a perfect example of clickbait. They've made a clickbait 101 site but they have an app, so that's great.

OK, since we're ragging on this SF Globe site a bit, their "Location" map is hilarious. First, it is just a static image that doesn't even link to the same coordinates on Google maps - that's just plain lazy. Second, they manage to avoid including the name of even ONE nearby transit stop - none of the Muni ones are zoomed in enough to show names, and both Montgomery and Embarcadero are too close to the edge for their name to be included. There are 2 parking garages, but everybody knows you take BART to get downtown, I mean come on. Third, there are not one but THREE GNC's featured on the map, which... what? Did the intern pulling that map image just get done running a search for "nutrition supplements" or something? And finally their "SFG" icon is so huge it actually touches 3 streets, effectively obscuring where the hell they are actually located, which would seem to be the whole point.

Oh yeah, finally-finally, they name their neighborhood as "Financial District / SOMA" which is just pathetic when you are obviously NORTH of Market St. Zero points awarded and may god have mercy on your soul.
posted by Joey Buttafoucault at 1:38 PM on January 19, 2016 [3 favorites]

It seems like there are some companies that are taking embedded systems security very seriously, but I've also heard that it's been hard to get a lot of companies to even realize there's a problem. E.g. Helium seems to be interested in writing embedded software with Haskell--step #1 in embedded security: Don't write C or C++!
posted by jjwiseman at 1:39 PM on January 19, 2016

I was curious which "Washington" the couple were from, and quickly fell down a rabbit-hole of clickbait.

It looks like the original story was from last April?

It's also very light on technical details. Is the camera somehow compromised, or was the local network compromised (ie. the house had an open WiFi network)?

As shown by this story, it doesn't really matter where the compromise happened, but it would reveal a lot about how badly the camera manufacturer fucked up (if they can really be blamed at all).

A lot of consumer devices now assume that their local networks are closed, secure, AND trustworthy. On the surface, this isn't a totally unreasonable assumption, and saves most users from having to memorize a dazzling array of passwords. On the flipside, most users are unaware of how secure their networks are, and do not understand the implications of having all of the "Things" in their house trust each other (worse still, many devices don't even make this configurable).

Even if we make the most generous assumptions about the baby monitor, there are a thousand ways that even a well-designed device could have been misconfigured, and left wide-open for the world to see.

This isn't limited to home users, IoT, or "cheap gear from China," by the way. Last year, a security researcher at Defcon started scanning for completely-open VNC servers during a talk, and managed to rack up thousands over the course of a few minutes. He found tons of scientific devices, industrial equipment, control systems, servers, and corporate desktops. These are devices where the owners/administrators "should know better," and this was the simplest and most naive kind of port-scan imaginable.

The frustrating part of all this is that technology should be able to make all of these things more secure, even though we have been overwhelmingly moving in the opposite direction. It is not rocket-science for a camera to connect to a WiFi network over WEP, require its own password to login, and also encrypt its local traffic. You could even do all that over HTTP, and the local crypto part is only necessary if you really can't trust your LAN!
posted by schmod at 1:40 PM on January 19, 2016 [4 favorites]

OK, since we're ragging on this SF Globe site a bit, their "Location" map is hilarious.

Apparently it's really 235 Pine, Suite 1800, but that particular space is up for lease right now, so yeah...
posted by zachlipton at 1:45 PM on January 19, 2016 [1 favorite]

It's called a firewall, do you speak it?
posted by blue_beetle at 1:50 PM on January 19, 2016

Where's Nest in all of this? Their name's certainly apt.
posted by fairmettle at 1:50 PM on January 19, 2016

Lots pf cheap analogue two-way gear, like baby monitors, cordless phones, walkie-talkies, hands-free wearable intercoms and the like - used to co-exist in the same tiny slice of spectrum around 49 MHz. Which can carry a long way on low power. (Analogue mobile phones used to be right next to the UHF TV band, and - although not on the exact same frequencies - TVs used to be wideband/crappy enough to pick up strong local phone signals.)

The 49 MHz stuff is right next door to the 50 MHz ham band, where plenty of people have good directional high-gain antennas and very capable receivers. In London, for example, a chap with modest enough equipment like that could pick up all sorts even when not actually trying. The first time you hear a carrier that at first sounds silent and then reveals slow, even breathing, it's a creepy 2am experience. The flaming rows parents/babysitters-with-shouldn't-be-there boyfriends have within range of the monitor's microphones are, well, quite astounding.

There is an infinity of stuff out there when people voluntarily install radio bugging devices in their own houses. These days, you don't even need a radio receiver to play, thanks to the massive lack of clue at all levels of IoT security. My one hope is that the rapidly rising sea of horror stories will make security better before the lawmakers do something stupid in an attempt to 'fix the problem' by criminalising clever to protect the dumb.
posted by Devonian at 1:51 PM on January 19, 2016 [7 favorites]

> in another, the sound of soft singing comes over a baby monitor, and the screen reveals a creepy old lady rocking with the baby (but of course she's not there when they run into the room to check).

I thought I heard someone singing "shush, shush" to my baby over the monitor once. Hacking didn't even occur to me as a possibility at the time - my brain went straight to "it's a ghost!", but to be honest, I was so bone tired even that didn't bother me much. Supernatural entity wants to get my child to sleep, you say? Excellent, haunt my house all you like!

(It probably wasn't a hacker either, given that we didn't have one of those two-way speaker monitors. Guessing it was just a tiredness-induced hallucination. Oh, well.)
posted by Catseye at 1:52 PM on January 19, 2016 [15 favorites]

Huh, you know if you get to a baby early enough while their brain was still fairly plastic you could probably pipe what sounded like white noise to adults through the monitor with just enough embedded voice that only the child could make out the message. That would be a maximally creepy prank.
posted by BrotherCaine at 1:54 PM on January 19, 2016 [1 favorite]

"...remind me again why the Internet of Things is supposed to be so great?"

"I like to think
(it has to be!)
of a cybernetic ecology
where we are free of our labors
and joined back to nature,
returned to our mammal
brothers and sisters,
and all watched over by machines of loving grace."
Richard Brautigan, Poet-in-Residence at the California Institute of Technology, 1967

(Sleep tight, little ones...!)
posted by markkraft at 2:47 PM on January 19, 2016 [9 favorites]

Why do they need a baby monitor in the bedroom of a three year-old anyway?
posted by dg at 2:54 PM on January 19, 2016 [5 favorites]

What a dreadful site. 40 lines of text and a gigabyte of junk.

There are a lot of sites like this that show up now in Google News. I can't figure out why Google News's aggregator doesn't skip them. They all have legit-sounding names like "SF Globe," but sometimes they sound too desperately legit, like "The Beacon Review."

They apparently take stories printed in other news outlets and change just enough words to keep their own articles from being totally plagiarized. The first one I came across was, in fact, The Beacon Review. (It's an empty domain now.) The words in the articles were obviously being replaced -- by computer program, I imagine, or at least non-native English speakers -- using thesaurus words.

The first time I ran across a Beacon Review I was totally tickled and had an email exchange with a friend about it. From that email exchange, here are some phrases that were printed in other articles on the site:

In an article about a murder suicide involving a bunch of adults: "All of the victims were being adults." Referring to some of the victims being related to the murderer: "...including 4 of his have kinfolk."

In an article about Immaculate Heart of Mary College protesting a parade because of the gays: "Immaculate Coronary of Mary College." The article summarizing the parade described the parade marchers "wandering the route."

In an article about the Pope: "Pope Francis, the chief of the world's 1.two billion Catholics...."

In an article about, well, you'll see: "Dispatchers despatched police to campus to help with the reaction to a 19-year-outdated lady who turned unwell after using Molly on Sept. thirteen, the next of two consecutive weekends in which Wesleyan learners were hospitalized right after using the drug. Desmond said law enforcement did not follow up, possible simply because it would be tough to go after a circumstance involving an intoxicated lady who took a solitary tablet."

Atlantic Trust Private Wealth Management was redubbed "Atlantic Trust Non-public Prosperity Administration." Also, "Atlantic Have faith in Personal Prosperity Administration."

In a new agey article about the "divine feminine": "The left side of the physique relates to the feminine and the appropriate side, the masculine." (The APPROPRIATE side!!)

Regarding relationship issues: "A sign you needs to see a 'partnership therapist': 1. You happen to be consistently fighting with no aiming to discover resolutions."

And my personal favorite, going back to the one about the man who murdered his kinfolk, who were being adults at the time: "His truck was found jogging by the side of the road."

So at least they're getting better, I guess?
posted by mudpuppie at 3:05 PM on January 19, 2016 [19 favorites]

Maybe I'm a lousy parent-to-be but I've read about this thing before and it really doesn't concern me.
posted by kat518 at 3:44 PM on January 19, 2016

Twenty some odd years ago, we had a basic baby monitor, audio only. One night I awoke to the sounds of my darling crying away...and just as I was getting up I realized: not my baby. What I was hearing was a much younger child; someone had a tv on in the background, and, in my opinion was taking FAR TOO LONG to respond to that infant's wails. Turned out - our monitor wasn't even on in my sons' room, just the receiver.
posted by annieb at 4:11 PM on January 19, 2016 [2 favorites]

Why do they need a baby monitor in the bedroom of a three year-old anyway?

My son sings himself to sleep and it is the sweetest thing I have ever heard in my life. I used a baby monitor long past the baby stage because I just could not quit listening to his sleepy, peaceful bedtime songs. Last year, when he was four and a half, the rabbit chewed the cord of the monitor (again, we went through 3 baby monitors that way) and rendered it useless -- and finally, with sadness, I decided that we really, really did not need a monitor anymore. So maybe they had something similar going on. (Did not RTFA.)
posted by rabbitrabbit at 4:40 PM on January 19, 2016 [16 favorites]

SF Globe links on Facebook are one of my "unfollow" triggers, like Upworthy, Mashable, Viralnova, and all the lefty panicfuel for ninnies like naturalnews and Food Babe or the righty panicfuel for ninnies like Breitbart. Share five of those and you're still my friend, but you're unfollowed without a moment's thought.
posted by sonascope at 5:14 PM on January 19, 2016 [4 favorites]

"the rabbit chewed the cord of the monitor"
posted by rabbitrabbit

Perfect!
posted by marienbad at 5:21 PM on January 19, 2016 [4 favorites]

I never had my baby monitor hacked but our monitor would regularly pick up the phone conversations from one of our neighbours' cordless phones. We could hardly hear the person on the other end of the line but we could hear our neighbour making the call loud and clear. I recall one late night, unable to sleep, I was playing some kind of creepy video game with the lights off when the monitor started talking at me about banal relationship problems seemingly waiting for me to answer. I usually took that as a sign that I needed to go to sleep.
posted by Ashwagandha at 5:33 PM on January 19, 2016 [2 favorites]

40 lines of text and a gigabyte of junk.

I like big bytes and i cannot lie.
posted by D.C. at 6:15 PM on January 19, 2016 [5 favorites]

Baby monitors are great as the kid gets older because you can overhear them plotting their next moves, and you can just happen to oh, bring in some laundry about the time they start talking about giving the baby a haircut. Just put it somewhere unobtrusive and never remove it. Michel Foucault and his Panopticon got nuthin' on the mamas.
posted by jfwlucy at 6:36 PM on January 19, 2016 [5 favorites]

The only use case I can think of for making an internet connected baby monitor is to enable negligent parenting. What are you supposed to do with it, monitor your sleeping child from the bar? That stuff should be local-network only.
posted by cosmic.osmo at 9:32 PM on January 19, 2016

Usage restrictions can be ancillary to good security, but you can never invoke a dumb practice as an excuse for getting bitten by hidden weak security: Maybe the user does have a legitimate need for a remote baby monitor - either give them a secure one, or tell them it can't be done.
posted by Dr Dracator at 10:16 PM on January 19, 2016

The only use case I can think of for making an internet connected baby monitor is to enable negligent parenting. What are you supposed to do with it, monitor your sleeping child from the bar? That stuff should be local-network only.

I know several parents who use them to let distant grandparents see the grandchild.
I also know one that uses one while travelling for business.
(I suppose she could be logging in from the hotel bar, but I wouldn't call her negligent...)
posted by madajb at 12:19 AM on January 20, 2016

The only use case I can think of for making an internet connected baby monitor is to enable negligent parenting. What are you supposed to do with it, monitor your sleeping child from the bar?

It's so that a parent who's away from home overnight can still check in on the kid if they want to. In my experience it's the kind of selling-point gimmick that sounds a lot more useful than it ends up being, but I did appreciate ours when I was in hospital a couple of times when my kid was a few months old, or when me or my husband were travelling for work.

(Obviously our child comes with us to the pub. We're not monsters.)
posted by Catseye at 12:20 AM on January 20, 2016 [4 favorites]

Call me in 10 years when embedded devices security isn't a complete clusterfuck. This is not only not surprising, it's par for the course right now.
posted by iffthen at 1:30 AM on January 20, 2016 [2 favorites]

To me the issue is that security has to be more transparent. We absolutely have the technology to make devices close to absolutely safe, but if that means four factors worth of verification before you can turn it on, no one will use it. It's the issue I have with smoke alarms, they're life-saving devices but if a user can't cook a meal without the alarm freaking out, eventually the batteries will get pulled.
posted by Octaviuz at 6:24 AM on January 20, 2016 [2 favorites]

This is exactly what I was worried about when we were looking at baby monitors recently. We settled on the standard radio baby monitor, which drastically cuts down the chances of creeps. If someone wants to see the baby remotely we can set up a Skype session or the like.
posted by angryostrich at 7:53 AM on January 20, 2016 [1 favorite]

Most of these devices have about 3 levels of hardening to go without users having to feel any extra pain due to high security. I mean stuff like using HTTPS instead of HTTP, not using old SDKs that have remote code execution exploits that were known 4 years ago, badly coded web interfaces with XSS exploits--All of which are completely transparent to users.

These are just dumb things that people who don't know any better, or don't care, do.
posted by jjwiseman at 7:58 AM on January 20, 2016 [2 favorites]

I totally sympathize with normal people without special tech expertise who just want a secure blog or something, but end up getting hacked because, well, software sucks and there are a lot of high-powered hackers out there. But for iOT devices, security is the developer's job, and they clearly aren't even trying.
posted by jjwiseman at 8:03 AM on January 20, 2016 [2 favorites]

TBH, we're still many steps away from thinking about how to protect against determined hackers.

It sounds like we still need to get people to stop building devices that create open WiFi networks that anybody can log into. My parents have a printer that does this, and it's incredibly frustrating because it isn't even possible to turn it off.
posted by schmod at 8:43 AM on January 20, 2016

That stuff should be local-network only.

In a world where home routers have XSS exploits in their config pages, making a WiFi IoT device hosting web pages only listen to local traffic doesn't help that much. I mean it's much much better than letting it through the firewall but any webhost on the local network can be pwnable if it's vulnerable to XSS.
posted by BungaDunga at 5:11 PM on January 20, 2016

We keep the monitor on even though the Scatterkitten is pushing four, but part of that is because he has developed the belief that he is incapable of leaving bed until a parent gives him permission and will otherwise stay there until he wets himself in the mornings rather than just get up and come to us. You have to listen for the creaking of his bed when he starts turning over more than usual.

Also he gets bad dreams or leg cramps a lot, and if we're downstairs we can't hear him call. Bright sides include yes, the adorable singing-self-to-sleep gag and the bit where I used to tell him that I was "listening on the radio" if he needed me to reassure him that it was okay to fall asleep, and now he will pick up the monitor and use it like a walkie-talkie: "I'm calling for help. This is Archie, calling for help. Please come to Archie's bedroom." He's like a tiny supermarket manager.
posted by Scattercat at 11:36 PM on January 20, 2016 [1 favorite]

When I was little I would have loved random correspondence with some creepy hacker. And when I was stoned in college I would have loved to try and blow some kids' mind that I would never meet.


And a world where this happens but... TWIST... I'm the toddler and the adult talking to each other, is I'm pretty sure the movie Looper if it was written and directed by Richard Linklatter
posted by elr at 12:39 AM on January 21, 2016 [1 favorite]