A few years ago, Ring entered the market as a way to keep your home secure. They were one of the first to advertise a service where you can check on your home no matter where you are. However, a recent spike of Ring camera hacks has shown the darker side of entrusting home security to IoT.
Hackers have cracked the security behind the Ring IoT system. They have used this knowledge to gain access to security systems and spy on people. Even worse, they can use the microphone to say things to their victims.
In early November Bitdefender reported the Ring doorbells leaking Wi-Fi passwords news. These passwords were stored in plaintext, meaning a hacker could then access the Wi-Fi network immediately after getting the password.
Then, during this month, a hacking spree of Ring cameras happened. One of the more innocent hacks involved someone using the Ring camera to talk to two dogs.
Not all attacks were innocent, however. One attack targeted an 8-year-old girl, where a hacker called her racial slurs before trying to convince her that he was actually Santa Claus.
Another attack involved the hacker setting off the Ring’s alarm, then taunting the family dog. It scared the family so much that the father slept with a gun that night.
Yet another attack had a hacker get into the Ring camera in a woman’s home. He said hello to her, then asked her to perform a sexually charged act. This caused her to worry about who was recording her behind the lens.
How Did These Attacks Occur?
Amazon, the company behind Ring, was quick to pass the blame on to the users. When victims approached Amazon for an explanation, the company accused weak passwords of being the culprits.
This is very suspicous, however. If the fault was really on the user, how come hackers could gain access to Wi-Fi passwords through the doorbell? Why was the password not encrypted and stored in plaintext?
Vice did some extra searching into the matter. They noticed that Ring lacks any basic security measures that are expected of something so sensitive.
For example, anyone can log in from any country without the device warning the user. One might argue that this is because users should be able to view their cameras while on holiday, but the lack of confirmation means anyone can log in and view through the cameras without a problem.
Also, Ring doesn’t report how many users are watching through the camera. It can tell you if someone is watching via a blue light on the unit itself, but is that a loved one or a hacker? If a hacker was watching alongside a user, there would be no way to spot the extra viewer.
Given how the Ring doesn’t report past logins, it’s very hard to tell if someone’s lurking in the system. Ring also doesn’t block incorrect logins, meaning hackers can brute force the system. In fact, there is software available that constantly tries passwords on a Ring account until the hacker gains access.
Ring of Fire
The Ring camera has suffered a wave of attacks in the course of one month. Amazon is keen to put the blame on the user, but the evidence suggests otherwise.
As such, we don’t recommend investing in Ring cameras. If you do decide to install smart cameras, be sure you’re buying from a company that takes your privacy seriously.
Does this put you off of buying IoT cameras? Let us know below.