There's a reason Internet-connected thermostats, televisions, and other everyday appliances are growing increasingly popular. In an age when smartphones are nearly ubiquitous, people can crank up the heat, record TV programs, and check home-security systems without getting off the couch or leaving the little league game that's gone into extra innings.
But there's a flip side to the convenience. Just as Internet connections give new capabilities to the people using the devices, they also create new opportunities for stalkers, thieves, and hackers. A case in point: in August, Ars described how smartphone-controlled lighting systems from Philips could be commandeered by malicious websites to cause persistent blackouts. Now, the same researcher behind that hack has devised a new proof-of-concept attack. It turns a wireless baby monitor made by Belkin into a stealthy bugging device that can be accessed by someone in your front yard... or halfway around the world.
The WeMo brand monitor is simple to use. Connect it to a home Wi-Fi network and access it just once over the same network with an iPhone or iPad app Belkin makes available for free. The device will then have unfettered access to all audio picked up by the pint-sized device. Access to your home Wi-Fi network isn't necessary for the app to work after initial setup; all conversations within earshot of the monitor can be tapped as long as the iPhone or iPad has an Internet connection. The ease of connecting is no doubt intended to be one of the selling points of the WeMo monitor. But its lack of password authentication can just as easily be viewed as a liability since it exposes users to surreptitious monitoring by baby sitters, former spouses, or anyone else who even once manages to get on the home network. The only way to be sure that the device is locked down is to continually check the monitor's settings panel to ensure no unrecognized devices are connected to it.