NurseryCam hacked, company shuts down IoT camera service Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off. News of NurseryCam's compromise was conveyed to the company by The Register just after 5pm on Friday, leading the firm to tell parents: "On 17:18 Friday 19th February 2021, it has come to our …
When (if) you eventually have kids you WILL be thinking of them and this security breach, not just in the cyber sense but in a real sense if paedos got hold of any of these videos along with the kids home addresses, is a disgrace. Yet another company without the requisite security knowledge touting some must-have Internet of Shit service for one of the few areas where security is REALLY important. The C-Suites should frankly be thrown in the nick for this because these sort of people really need a serious kick up the arse. Just fining the company will make zero difference.
That ignore warnings. Like the parking fine companies I pointed out had issues. Had no contact details, only snail mail address. Then to silence the report they falsely claimed copyright on my YouTube video about it. No matter, copy of it is on Odysee and LBRY, then a whole article was written about it for my blog.
Knobs.
While I have no sympathy whatsoever for the company involved for producing an insecure system, I don't agree with "The person who identified the loophole has so far acted responsibly. He stated he has no intention to use this to do any harm [and] wants to see NurseryCam raise the overall standards of our security measures."
Surely acting responsibly means telling the company, not dumping the data online, poorly redacted or not?
Almost certain that they did, and were ignored like everyone else.
NurseryCam are probably now saying this public line because the alternative is to admit they completely ignored the warnings for a very long time, and thus greatly increase their fine.
The ICO really should throw the absolute book at this company. They won't be able to afford expensive lawyers to drag it out, and when they lose they'll simply close down, but it will make a good headline and may work "por encouragement les autres"
Yes that's a pretty crucial point that bears repeating - there's no suggestion that the source for the article last week was the hacker, and in fact I suspect he's the least likely suspect.
What's more likely is someone, reading this, thought "ah, low hanging fruit", and a few days later - as sure as night follows day - we have SHA1 passwords on the net. Unsalted, no doubt.
There is a linked article where the same company blamed a researcher for notifying them of issues in their product and claimed they where acting irresponsibly.
At the moment they are getting free security vulnerability testing. They need to pay someone to fix their shortcomings. Up till now they’ve been ignoring their issues and literally putting children at risk.
Firstly, if, as a parent, you are so concerned about the safety of your child that you need to have them under constant surveillance, why on earth are you committing them to the care of strangers?
Secondly, if the parents of other children can view your little darlings as they colour in the nursery walls, why would you be so concerned that other random strangers might be able to do the same?
And if that was a real concern, wouldn't you be pressing for nurseries to be windowless prisons with high perimeter walls?
This class of product seems often to be based on creating an illusory threat in order to sell a "solution" to it. While it's clearly a concern if the supposed solution is flawed, isn't the bigger problem that people are falling for the illusion?
Absolutely agree. We are living in an "App for Everything" culture. Just another thing for people to stare at on their mobile phone screens.
In addition I would guess that many of the affected users are already sharing the video of their little cherubs throwing a tantrum at the nursery on Facebook or Twitter (other antisocial media networks are available) in order to gain more followers and become influencers.
Seems to be the way the world is going. I despair for the next generation or even this one in a few years time.
To be fair, in the US, private child care is often the only option for parents who work (and working is often the only option); and child-care options are often limited. Surveillance with insecure IoT crap may be the least of the available evils.
It's not universal, of course. I have relatives who ran or run excellent nursery schools and daycare centers, and have thus far managed without Internet-connected cameras. My granddaughters have attended child care at institutions that were similarly free of them. But dangerism is increasingly prevalent and industrialized societies are flooded with cultural products, from websites to television to pontificating politicians, encouraging the surveillance state. And IoT cameras are a cheap sop to parents who buy into that religion.
I don't know if the situation is any better in the UK, but considering the UK's love affair with CCTV, I'm guessing it isn't.
Yes but no but yes but no.
It's also an excellent way of ensuring staff don't fall foul of basic human weaknesses and act unprofessionally or mistreat the kids, because they're being 'watched'.
It's no different from CCTV, just has more people able to access it.
Percentage spent on cute logo, pastel coloured website, and “our story” tweeness? 20%
Percentage spent on ratty hardware firm cheapest provider? 2%
Percentage spent of software development in coding sweatshop? 0.05%
Percentage to founders? 77.95%
Funnily enough their website is down.
Won’t someone think of the children? Worryingly, someone probably is and has been for a while.
Or TicTocTrack.
We need another circle of Hell for the people who peddle this stuff.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
