Nightmare Home Security Camera Hack - Don't Let It Happen To You
Hackers Breach Ring
In Mississippi, a Ring security system was tampered with by cybercriminals who scared eight-year-old Alyssa LeMay by playing “Tiptoe Through the Tulips” to an empty bedroom.
As soon as Alyssa turned on the lights and attempted to check on the music, an unidentified male started speaking to her.
She started screaming for her mother when the voice coming from the Ring security system started calling her a racial slur as well as stating that they were best friends and that he was Santa Clause.
“Mom?” Alyssa asked, confused. “Who is that?”
“I’m your best friend,” the replied. “You can do whatever you want right now. You can mess up your room; you can break your TV. You can do whatever you want.”
Terrified, the little girl yelled at the empty room again, asking, “Who is that?”
“I’m your best friend,” he repeated. “Santa Claus.”
The little girl then left her room, telling the camera, “I don’t know who you are.”
While this might sound like something nightmares are made of, it is one of at least four similar cases that have been reported this month.
“I was down the street when my husband messaged me, asking if I had been messing with the girls with the Ring,” Alyssa’s mother, Ashley LeMay, told BuzzFeed News. “I started watching the video on my phone and when I heard his voice and realized it was not my husband’s voice my heart just dropped and I ran back to the house.”
Unsurprisingly, it left the whole family terrified, especially little Alyssa who is having trouble sleeping in her own room.
“She won’t even sleep in her room,” Ms. LeMay said on Saturday. “She actually spent the night with a friend the other night because she didn’t want to be here. She told me yesterday that it’s hard for her to remember the camera’s not there,” LeMay said. “She doesn’t want to be in that room. It’s really alarming to her that we can’t tell her who it was.”
After the whole ordeal took place, Ashley LeMay immediately contacted Ring, after she re-watched the ten-minute footage of the whole ordeal. Two days after that, Ring sent Ashley an email stating that they had detected unusual activity on their account. A couple of days later, a Ring employee told Ashley that her family account had been compromised causing a data breach from a third party.
“I asked if at some point they would be able to tell me if this was a targeted attack or who was interacting with my daughter, and he couldn’t provide a straight answer,” she said. “Then today we talked with the COO, and he told us that our Ring account had been hacked. I’m so frustrated.”
What is probably even more frustrating is that Ring stated how the company takes the security of its devices seriously and accredited these recent hacks to cybercriminals getting a hold of users’ login credentials, according to The New York Times.
“Our security team has investigated this incident and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the statement said. “Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., user name and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts.”
Ashley LeMay says she cannot help but feel “dumb” for even installing the indoor wifi cameras, but had done so because she only heard positive things from both friends and neighbors. Working nights as a medical research scientist, LeMay wanted to keep an eye on her girls as they slept so she could be there should they ever need her.
“My 4-year-old has a medical condition. She has a history of seizures and I can’t be there all the time,” she said. “I got them so when I am at work and my baby got up I could tell her, ‘Hey, I love you, go back to sleep,’ and she wouldn’t know I wasn’t there.”
The Ring Security System
The ring is an increasingly popular security product found in American households.
Users are able to monitor the cameras on the smartphone app released by the company as well as speak to people within their home and at their front door, using a two-way audio feature.
Ring also stated that it started to send out emails to millions of customers, prompting them to use multifactor authentication. This requires users of the Ring security system to verify their identity by entering a code that is received either by an authentication application or via text message.
In a statement to CNN, Ring said,
“Customer trust is important to us and we take the security of our devices seriously,” the statement said. “We have investigated this incident and can confirm it is in no way related to a breach or compromise of Ring’s security.”
According to the statement, Ring users “often use the same username and password for their various accounts and subscriptions.” If those were to fall into the wrong hands, those devices could be compromised.
“As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords,” the statement said.
Kelli Burgin, chairwoman of the cybersecurity department at Montreat College in North Carolina, said there are inherent risks with new smart devices.
“Nothing is 100 percent secure,” she said. “It takes a lot of layers of defense to make things more secure and to lower the risk. I understand the convenience of getting these devices, but I would also hate to see children exploited. We don’t know how long someone may be monitoring those cameras.”
Burgin recommends that people use passphrases instead of passwords, which are much harder for hackers and computers to guess on top of multifactor authentication.
Other Ring Security System Incidences
This is not the only incident where hackers have breached Ring. Earlier this month, Adam Krcilek, a father in Nebraska was stunned when he realized a voice was speaking to his daughter through the Ring camera on their kitchen counter.
He instantly unplugged the camera, calling Ring to relay what had happened to the company. Ring replied that it had confirmed a third-party had logged into the account. Something they were unable to trace. Once again Ring encouraged Krcilek to set up multifactor authentication.
“I explained to them I wish they would have pushed that out to people because they didn’t set that up when I originally got our Ring camera. That was not an option,” Krcilek said.
A similar story from a woman in Atlanta occurred when a man’s voice came through the Ring camera.
“I was laying there and had just put him in his crate, and I hear a cough over the Ring camera,” the woman said. “I see the blue light come on, so I text my boyfriend saying, ‘Why are you watching?’ We’re laying down, and we’re about to go to sleep, and he’s like, ‘What are you talking about?'”
“I can see you in the bed! C’mon! Wake the [expletive] up!”
When reviewing the history of the camera, it was uncovered that someone infiltrated their account on four different occasions.
In Florida, another situation with the Ring security system saw a Cape Coral couple harassed, with the hacker making racial comments regarding their biracial family.
“While it’s technically true that Ring hasn’t experienced a ‘hack’ or a breach, it’s also true that Ring’s customers expect better protection by default,” Elissa Shevinsky, CEO of cybersecurity company Faster Than Light told Newsweek. “Customers trust that the cameras in their homes are safe for their families. Sensitive systems, like home cameras, should require 2FA.”
How to Protect Yourself from a Data Security Breach
As hackers breach Ring around the United States, people are becoming more aware that protecting their home security from data breaches.
Many security companies have labeled 2018 the year of the data breach. This is because not only tech companies, retailers, hospitality providers, banks, but even homes were targeted by cybercriminals in security breaches.
A data breach occurs as a result of a cyberattack carried out by cybercriminals who gain access to a network or device in order to steal private data. Common data breaches include spyware, phishing, and misconfigured access controls.
Whilst cybercriminals perform most data breaches to steal your data, others do it just so they can prove they can.
How Do Data Breaches Occur?
An exploit is an attack that usually takes advantage of software bugs or device vulnerabilities. These are used to gain access to your system and it’s data. The most commonly exploited software can include the operating system, Adobe applications, internet browsers or Microsoft Office applications. Some cybercriminals can package grouped attacks as well.
Spyware is the kind of malware that infects your machine in order to find out information about you, what you get up to on the internet and once your system is infected, the spyware sends all your data back to the servers run by the hackers themselves.
Phishing attacks are achieved by getting users to share sensitive information such as passwords or user names. Many phishing attacks come via email that is faked to look as though it comes from a trusted company. If a user doesn’t have multiple factor authentication, the hackers will normally have all the information they need to hack into your accounts. Other forms of phishing attacks include social media messaging and SMS text messaging phishing attacks.
How to Prevent Data Breaches
There are a number of things you can do in order to make sure your data stays as safe as possible.
One of these steps is to practice data segmentation. Cybercriminals are free to move around on your network if you have a flat data network. You can slow hackers down by putting data segmentation in place, and therefore buying yourself time during a possible attack.
Introduce the principle of least privilege so that each user account only has access to whatever they are attempting to do and nothing more. If one user account is under attack this will mean that other user accounts will probably remain safe as the cybercriminals will not have access to the complete network.
Use an antivirus in order to detect any possible attacks before hackers can do any real damage. An antivirus program will protect you from many malicious intruders like viruses, ransomware, botnets, trojans, malware, phishing attempts, and more.
Today, antivirus software will protect you from more than just signature viruses, but will also cover you from unencountered attacks. Using new technology like machine learning, big data analytics, artificial intelligence, and behavioral tracking, antivirus software is also capable of detecting more sophisticated attacks. By installing an antivirus program, you will not only protect your desktop computer, but any smart gadgets in the home, like smartphones, tablets, laptops, smart TVs, smart thermometers, and security cameras.
Using a password manager is just as important as installing an antivirus program onto your computer today. Hackers are getting savvier, and unfortunately, with so many active accounts, users are getting lazier when setting passwords.
When setting a password, make sure to use a combination of letters, numbers, and symbols, and always avoid using the names of loved ones, birthdates, banking pins, pet’s names and other information that can be linked to you. Setting a separate password for each account is vital, but it can be challenging to remember them all.
A password manager will store your login information for all accounts and websites that you use and will log into them automatically. It will also encrypt all your passwords with a master password so you just have to remember the one to get in.
As the internet is crawling with criminals just trying to get their hands on your information, another excellent solution to stay safe is by employing a VPN. Subscribing to a Virtual Private Network will allow you to reroute your IP connection to a server in another location, making your true location.
Many of the best VPNs come with excellent security protocols as well as military-grade encryption. While a VPN cannot keep you completely anonymous online, it will be incredibly difficult for anyone to trace back your IP address to your actual identity.
What to do if Your Data is Stolen
If it is too late, and you suspect that your privacy might have been breached, you will have to take precautions in making sure the attackers get as little information as possible. It is important to remember that even if your data is part of a breach, sometimes this isn’t found out until years later.
Reset all of your passwords. This is easily done when you use a password manager, as all of your accounts will be listed in the one spot, usually with the ability to select at once all of the accounts that need their passwords changed.
Monitor credit and banking accounts and look for any suspicious activity that might be on there. You will be able to get a free credit report yearly with each of the main three credit bureaus.
Keep an eye out on your inbox. Hackers will take any opportunity to send out spoofed emails, trying to make them look legitimate and asking for you to “resend” or “confirm” your sensitive information. Remember that banks and organizations that you trust will never ask you to send sensitive information via email. If you think something isn’t right, pick up the phone and give the organization in question a call.
Think about credit monitoring services that will notify you Id someone is attempting to or has opened up credit in your name. Whilst you will be alarmed to this happening, often times you will not be protected from your data being stolen in the first place.
Using multifactor authentication is also the simplest form of keeping your data secure. You will need to confirm your identity by entering your login credentials as well as use a separate authentication code that might be sent to your mobile phone, for example.
Hackers Breach Ring Conclusion
Hackers breaching Ring might be alarming to people that have purchased the product, however, it is not the first time security attacks have been carried out by hackers, nor will it be the last.
The Ring security system obviously has flaws in its product, but users should also be aware that with hackers being savvier in terms of attacking your smart appliances, we need to be smarter in the way that we protect those same appliances from said attackers.
Make sure to always use multiple-factor authentication where you can as well as avoiding using identifiable passwords. Investing in antivirus software and a reliable password manager is the best way forward in keeping your family protected in your home.