Ring responds to reports of its security cameras getting hacked

David Matthews

TS Maniac
Staff member

Many people use internet-connected security cameras for the convenience of being able to monitor their home from afar. Parents often use them to watch their children (especially infants). However, according to a Tennessee news station, a local family witnessed in horror as someone hacked their Ring camera and taunted their 8-year-old with music and "encouraged destructive behavior" before the father quickly disconnected the camera.

Ring responded today with a statement clarifying that its services were not compromised:

"You may have recently seen reports that Ring services have been compromised, and we want to inform you that we have investigated this incident and have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.

Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts. Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts.

Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Out of an abundance of caution, we encourage Ring customers to change their passwords and enable two-factor authentication."

Unfortunately, due to the popularity of Ring's cameras, tools used to hack Ring cameras have also risen in popularity. A sleeping woman was woken up by someone yelling through her Ring camera to wake up. Another report from Texas involved attempts to coerce a couple to pay a bitcoin ransom. A Florida family was terrorized by someone spewing racial epithets through their Ring camera.

Motherboard reported on an actual podcast, live-streamed to Discord, called NulledCast in which hackers commandeer Ring and Nest cameras and harass the owners. The aforementioned Florida family was a victim one of the podcasts. According to Motherboard, members of the hacking forum, Nulled, attempted to remove evidence of the Ring hacks by rolling back the forum database by four days. Later, an administrator posted an update banning discussions of Ring accounts as well as sales of any Ring or Nest accounts.

The multitude of hacking reports underscore how vulnerable Internet of Things (IoT) devices can be if steps aren't taken to secure them. Many IoT devices lack their own security measures and depend on the users to secure the accounts they're linked to. However, as we've seen in this article, many people use poor cybersecurity practices by reusing credentials across many different websites and not turning on two-factor authentication.

Permalink to story.

 

ShagnWagn

TS Evangelist
It's your own fault for putting these devices in your homes. It's even worse that you actually paid for them. Your stupidity is getting the better of you. Hopefully you learn your lesson, but if any of this has already happened, you probably won't. Maybe they can just put a "no hacking zone" sign up?
 

jobeard

TS Ambassador
My comment on iOT device privacy & security are at
 

QuantumPhysics

TS Evangelist
You have no idea how annoying it is allowing other people to have access to round the clock. Obsessive, annoying girlfriends/boyfriends tracking your movements and watching everything you do. Threatening you if you ignore videochats and calls. Forcing you to stare at them - or forcing you to let them watch you.


Now take that one step further - you've set up all this elaborate self-monitoring equipment and someone you don't want monitoring you starts using these things to monitor you.

Every text.

Every Email.

Every video chat

Every thing you've done: neatly categorized, time & dated, and organized so that they can invade your personal life and personal privacy.

This RING camera, I hope is a wake up call to these stupid parents that YES - someone can watch your daughter - in her bedroom - 24/7.

The only reason this hacker was even noticed is because he was chatting with her.

The scarier thing is, you can be cyberstalked from 10,000 miles away.
 
Last edited:

Gezzer

TS Booster
I'm another that's opted out on all these convenient IoT devices.

There's an old saying "The only secure computer is one that isn't connected to the net, never gets turned on, and is housed in a locked vault." Everything can be compromised. The more convenient and easier to use it is, the easier it is to hack. And IoT devices are some of the worst out there in that regard.

Cars.
https://www.komando.com/security-privacy/7-clever-ways-hackers-are-stealing-keyless-cars/495924/
Smart Speakers.
https://www.washingtonpost.com/business/2019/11/05/hackers-can-hijack-your-iphone-or-smart-speaker-with-simple-laser-pointer-even-outside-your-home/
Smart HDTVs.
https://www.consumerreports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds/

And so on, and so on. The major problem is user friendly is always less secure by nature. So in truth we're all vulnerable to one extent to another. The only response is to minimize your exposure, like IoT devices. Then fly under the radar and you're as safe as you're going to be in our connected world.