back to article NurseryCam hacked, company shuts down IoT camera service

Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off. News of NurseryCam's compromise was conveyed to the company by The Register just after 5pm on Friday, leading the firm to tell parents: "On 17:18 Friday 19th February 2021, it has come to our …

  1. Flak
    FAIL

    'bout time!

    Only have themselves to blame...

    Poor product, poor security (a euphemism), poor response, poor customer service.

    Time to get the claims in for refunds!

    1. IGotOut Silver badge

      Re: 'bout time!

      And hopefully the ICO will hit them hard, after all think of the children!

      1. Evil Harry
        Meh

        Re: 'bout time!

        The ICO might as well be run by children for all the impact they seem to have.

      2. sanmigueelbeer Silver badge
        Coat

        Re: 'bout time!

        And hopefully the ICO will hit them hard

        HAHAHAHAHAHAHAHA, *choke*, HAHAHAHA ...

      3. Anonymous Coward
        Anonymous Coward

        Re: 'bout time!

        When (if) you eventually have kids you WILL be thinking of them and this security breach, not just in the cyber sense but in a real sense if paedos got hold of any of these videos along with the kids home addresses, is a disgrace. Yet another company without the requisite security knowledge touting some must-have Internet of Shit service for one of the few areas where security is REALLY important. The C-Suites should frankly be thrown in the nick for this because these sort of people really need a serious kick up the arse. Just fining the company will make zero difference.

  2. steviebuk Silver badge

    Sick of companies

    That ignore warnings. Like the parking fine companies I pointed out had issues. Had no contact details, only snail mail address. Then to silence the report they falsely claimed copyright on my YouTube video about it. No matter, copy of it is on Odysee and LBRY, then a whole article was written about it for my blog.

    Knobs.

    1. Michael Wojcik Silver badge

      Re: Sick of companies

      Security is hard. DMCA takedown is easy. The rest is economics.

      Until IT companies have real liability for producing poor products, they'll continue to produce poor products.

  3. suburbazine

    So 125 Euro per hour for security consulting is extortion?

    Such tender emotions on these people. I'll build them a safe space they can be protected from reality in for a modest $185/hr.

  4. Mark192

    Security is expensive

    I guess security is hard when you, and no one you've hired, knows what security looks like.

    Security is expensive. I wonder how that compares to the business-ending crunch they now find themselves in?

    1. ThatOne Silver badge

      Re: Security is expensive

      > business-ending crunch

      They claim insurance and all is good?

    2. Michael Wojcik Silver badge

      Re: Security is expensive

      Security is hard, full stop. It's impossible when you don't employ anyone who understands it.

  5. Potemkine! Silver badge

    Let's rain the PR BS

    "Security of our customers is our first concern blah blah blah"

    "We take very seriously the security of our products blah blah blah"

    When you don't invest in cybersecurity, invest in PR: some people are so gullible it can be a better investment.

  6. Stephen Wilkinson

    While I have no sympathy whatsoever for the company involved for producing an insecure system, I don't agree with "The person who identified the loophole has so far acted responsibly. He stated he has no intention to use this to do any harm [and] wants to see NurseryCam raise the overall standards of our security measures."

    Surely acting responsibly means telling the company, not dumping the data online, poorly redacted or not?

    1. Richard 12 Silver badge

      Almost certain that they did, and were ignored like everyone else.

      NurseryCam are probably now saying this public line because the alternative is to admit they completely ignored the warnings for a very long time, and thus greatly increase their fine.

      The ICO really should throw the absolute book at this company. They won't be able to afford expensive lawyers to drag it out, and when they lose they'll simply close down, but it will make a good headline and may work "por encouragement les autres"

    2. sabroni Silver badge

      re: acting responsibly

      The article differentiates between the "security researcher" who did the responsible disclosure and the "hacker" who leaked the badly redacted customer info.

      1. Androgynous Cupboard Silver badge

        Re: re: acting responsibly

        Yes that's a pretty crucial point that bears repeating - there's no suggestion that the source for the article last week was the hacker, and in fact I suspect he's the least likely suspect.

        What's more likely is someone, reading this, thought "ah, low hanging fruit", and a few days later - as sure as night follows day - we have SHA1 passwords on the net. Unsalted, no doubt.

    3. tip pc Silver badge

      There is a linked article where the same company blamed a researcher for notifying them of issues in their product and claimed they where acting irresponsibly.

      At the moment they are getting free security vulnerability testing. They need to pay someone to fix their shortcomings. Up till now they’ve been ignoring their issues and literally putting children at risk.

  7. Warm Braw Silver badge

    There is another story here...

    Firstly, if, as a parent, you are so concerned about the safety of your child that you need to have them under constant surveillance, why on earth are you committing them to the care of strangers?

    Secondly, if the parents of other children can view your little darlings as they colour in the nursery walls, why would you be so concerned that other random strangers might be able to do the same?

    And if that was a real concern, wouldn't you be pressing for nurseries to be windowless prisons with high perimeter walls?

    This class of product seems often to be based on creating an illusory threat in order to sell a "solution" to it. While it's clearly a concern if the supposed solution is flawed, isn't the bigger problem that people are falling for the illusion?

    1. ElPedro100
      Facepalm

      Re: There is another story here...

      Absolutely agree. We are living in an "App for Everything" culture. Just another thing for people to stare at on their mobile phone screens.

      In addition I would guess that many of the affected users are already sharing the video of their little cherubs throwing a tantrum at the nursery on Facebook or Twitter (other antisocial media networks are available) in order to gain more followers and become influencers.

      Seems to be the way the world is going. I despair for the next generation or even this one in a few years time.

    2. AW-S

      Re: There is another story here...

      "why would you be so concerned that other random strangers might be able to do the same"

      It's why certain "other random strangers" are watching that is the concern.

    3. Michael Wojcik Silver badge

      Re: There is another story here...

      To be fair, in the US, private child care is often the only option for parents who work (and working is often the only option); and child-care options are often limited. Surveillance with insecure IoT crap may be the least of the available evils.

      It's not universal, of course. I have relatives who ran or run excellent nursery schools and daycare centers, and have thus far managed without Internet-connected cameras. My granddaughters have attended child care at institutions that were similarly free of them. But dangerism is increasingly prevalent and industrialized societies are flooded with cultural products, from websites to television to pontificating politicians, encouraging the surveillance state. And IoT cameras are a cheap sop to parents who buy into that religion.

      I don't know if the situation is any better in the UK, but considering the UK's love affair with CCTV, I'm guessing it isn't.

  8. Lotaresco

    What's the point of NurseryCam?

    I think it's obvious. It's so that "doting" parents can show off how their little crotch goblin is getting on at nursery to friends, neighbours, and family. Look everyone! Little THX 1138 has just learned to crayon a dinosaur!

    1. Anonymous Coward
      Anonymous Coward

      Re: What's the point of NurseryCam?

      Yes but no but yes but no.

      It's also an excellent way of ensuring staff don't fall foul of basic human weaknesses and act unprofessionally or mistreat the kids, because they're being 'watched'.

      It's no different from CCTV, just has more people able to access it.

    2. TimMaher Silver badge
      Pint

      Crotch goblin.

      “Are you a goblin mister?”

      “No ma’am, I’ve just got a headache.”

      Great reference to THX1138 @Lotaresco. Get you a crate of beer for that one.——->

  9. Maximus Delfango
    Facepalm

    It’ll be the same story as Owlett (remember them)?

    Percentage spent on cute logo, pastel coloured website, and “our story” tweeness? 20%

    Percentage spent on ratty hardware firm cheapest provider? 2%

    Percentage spent of software development in coding sweatshop? 0.05%

    Percentage to founders? 77.95%

    Funnily enough their website is down.

    Won’t someone think of the children? Worryingly, someone probably is and has been for a while.

    1. Michael Wojcik Silver badge

      Re: It’ll be the same story as Owlett (remember them)?

      Or TicTocTrack.

      We need another circle of Hell for the people who peddle this stuff.

      1. Lotaresco

        Re: It’ll be the same story as Owlett (remember them)?

        "We need another circle of Hell for the people who peddle this stuff."

        We already have the Fourth Circle (Greed) and the Eighth Circle (Fraud). One of those would house the people responsible, I'm sure.

  10. Stoneshop Silver badge
    Headmaster

    ... wants to see NurseryCam raise the overall standards of our security measures.

    Raise.

    That would imply there's any in the first place.

    "Wide open" kind of disproves that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021