Many people use internet-connected security cameras for the convenience of being able to monitor their home from afar. Parents often use them to watch their children (especially infants). However, according to a Tennessee news station, a local family witnessed in horror as someone hacked their Ring camera and taunted their 8-year-old with music and "encouraged destructive behavior" before the father quickly disconnected the camera.
Ring responded today with a statement clarifying that its services were not compromised:
"You may have recently seen reports that Ring services have been compromised, and we want to inform you that we have investigated this incident and have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.
Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts. Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts.
Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Out of an abundance of caution, we encourage Ring customers to change their passwords and enable two-factor authentication."
Unfortunately, due to the popularity of Ring's cameras, tools used to hack Ring cameras have also risen in popularity. A sleeping woman was woken up by someone yelling through her Ring camera to wake up. Another report from Texas involved attempts to coerce a couple to pay a bitcoin ransom. A Florida family was terrorized by someone spewing racial epithets through their Ring camera.
Motherboard reported on an actual podcast, live-streamed to Discord, called NulledCast in which hackers commandeer Ring and Nest cameras and harass the owners. The aforementioned Florida family was a victim one of the podcasts. According to Motherboard, members of the hacking forum, Nulled, attempted to remove evidence of the Ring hacks by rolling back the forum database by four days. Later, an administrator posted an update banning discussions of Ring accounts as well as sales of any Ring or Nest accounts.
The multitude of hacking reports underscore how vulnerable Internet of Things (IoT) devices can be if steps aren't taken to secure them. Many IoT devices lack their own security measures and depend on the users to secure the accounts they're linked to. However, as we've seen in this article, many people use poor cybersecurity practices by reusing credentials across many different websites and not turning on two-factor authentication.