A hacker broke into a Ring camera placed into the bedroom of three young girls. He spoke to one of them through the device’s speakers. The parents installed the camera just four days prior. Like most other IoT hacks, this one was caused by weak password security. This makes it easier for hackers to take control of the device and invade users’ privacy.
Do You Want to be My Friend?
An eight-year old girl was left terrified last week when she heard noises coming from her bedroom. The child’s parents had installed a security camera a few days before. The mum wanted to keep an eye on the girls while she worked shifts as an overnight nurse.
After she heard a banging noise and music playing, the girl went to her bedroom to investigate. Next, a voice said: “I’m Santa Claus, don’t you want to be my best friend?”
According to the mother who shared the images with a local news channel, the camera was hacked.
The Mississippi case was not the only incident last week. Several other families came forward with equally terrifying stories. A couple from Georgia installed a camera to watch their puppy while at work. Suddenly someone started talking telling the woman “he could see her in her bed”.
A Florida family was confronted with racist slurs. The abuse continued for several minutes, until they removed the batteries from the camera.
In the meantime, in Texas, a hacker demanded a 50-bitcoin ransom from yet another family, waking them up in the middle of the night.
Weak Password Security
All four incidents were reported to Ring. In each case, the hackers were able to use weak password security to access the users’ dashboard and speak to them directly using the camera’s speaker.
Ring offers two-factor authentication for better protection. However, some people are not using it. Many smart home cameras and other IoT devices have been hacked in the past using the same weakness.
Ring Urges Users to Better Secure Devices
In response to the incidents, Ring said: “Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials from a separate, external, non-Ring service and reused them to log in to some Ring accounts. Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.”
Upon learning of the incident, Ring promptly blocked bad actors from known affected Ring accounts and contacted affected users. “Customer trust is important to us and we take the security of our devices seriously. Our security team has investigated this incident. We have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.”
As a precaution Ring urges users to use strong passwords, regularly change passwords and enable two-factor authentication. The company also advises to add shared users instead of sharing login credentials.