Perhaps one of the most perplexing aspects of modern “smart home” technology is how willing people are to install internet-connected cameras all over their homes. Yes, the same internet on which people use passwords like “123456.” After a widely reported Ring camera hack, Motherboard investigated and found a network of online ne’er-do-wells specifically targeting the company’s cameras.
This week, local Tennessee media reported on a story that’s becoming all too familiar. A family installed a Ring camera to keep an eye on their young kids. Several days later, someone had broken into the Ring account and used the camera to chat with one of the children. That is an understandably upsetting scenario, and it’s remarkably easy for hackers to gain access to poorly protected cameras.
Ring’s response to this incident is predictable but also offers good advice. It says it’s investigating the incident, but all users should enable two-factor authentication on their accounts. That’s one of the best things you can do to keep any online account secure. A hacker won’t be able to access your account unless they have both your phone and your login credentials. Ring does have some culpability, though.
According to Motherboard, multiple hacker forums contain tools aimed at brute-forcing Ring cameras. Using so-called “config” files, hackers can try username and password combinations repeatedly and at high speed until they get a hit. Usually, these logins come from unrelated data leaks, but people do tend to reuse passwords despite years of warnings. The tools to do this cost next to nothing — Motherboard found a popular Ring “password checker” was being sold on an unnamed forum for just $6.
Ring isn’t the only company for which hackers have developed config files to check passwords en masse. It’s also a problem with Uber, Facebook, and others. However, Ring’s status as a maker of home security cameras makes it much more sensitive than most accounts. Ring could probably do more to encourage users to choose strong passwords and set up two-factor. For example, Google-owned Nest recently switches to Google logins, which have industry-leading security features. It also pesters people in the app to configure two-factor if they haven’t already.
Security cameras can be a useful tool, but nothing is 100 percent secure. Let this be a reminder that you should never put a camera in a room that you wouldn’t want someone else to see.
- Leaked Ring Document Details Creepy Facial Recognition Neighborhood Watch Feature
- Amazon’s Ring Security Camera Let Employees Spy on Customers
- Secret Agreement Required Police to Promote Amazon’s Ring Doorbell Cameras