Ring security camera was hacked; the owners were racially abused

Despite being really useful, smart devices can be exploited for disrespectful purposes. This is the case of a family from Florida, US, who shared images of the moment a stranger accessed their Ring security system to send them racial slurs, information security specialists report.

Over the last weekend, the family was at home
when the unauthorized user forced an alarm to be set on throughout the house,
and then began to throw insults at family members.

In the video it can be heard the teenage voice
of the alleged hacker, asking parents to search for a website, which they
refused to do: “I’ll leave your family alone, or maybe you could do
this,” the hacker said before resounding the alarm. The attacker
subsequently tried to read a URL, but was unable to complete its action, as the
parent removed the batteries from the device to immediately deactivate it.

In an interview for NBC, Josefine Brown, an
affected family member, said she believes that the person responsible has been
watching his family for a considerable time: “He knew we have a child, the
only explanation is that they’ve been watching us for a long time,” the
mother says.

As for the device compromised during this
incident, it is manufactured by the Ring company, owned by Amazon, which
develops home security systems with WiFi capabilities and control through a
mobile app, information security specialists mentioned.

A couple days later, the affected family stated
that Ring has already identified a potential data
breach in some external service, a situation that put their login
credentials to the surveillance system within the threat actor’s reach. In
addition, the company advised the family to perform a reset of their login
credentials, suggesting that the incident would have to do with the use of the
same password on different online services or platforms.

In this regard, Ring released a statement
mentioning: “The trust of our users is essential, as is the security of
each of our devices. After investigating the incident, we will begin
implementing the necessary steps to improve the user experience.” The
company also ruled out that the incident stems from a security breach in its
systems.

Ring users can implement multi-factor
authentication to add more protection to their systems, so a user trying to log
in will need to provide the system password, in addition to a code sent by the
company, usually via SMS, to verify that the login attempt is legitimate.

Matt Walmsley, from information security firm
Vectra believes that the most important measure to prevent cases like this is
securing user passwords: “Preventing passwords from being compromised in
breach incidents data is vital, as any hacker can access filtered data sets and
try to access multiple platforms or services using stolen information, which
becomes more dangerous if people use the same password in more than one
service.”

A few weeks ago, Bitdefender experts discovered
the presence of a vulnerability in one of Ring’s solutions that, if exploited,
would allow a hacker to extract the device administrator’s WiFi network access
credentials. Ring responded by announcing a security update, although it
appears that this has not been enough to protect users from unauthorized
access.

This is not the first time a hacker group
compromises security in one of these systems. A few months ago, information
security specialists from the International Institute of Cyber Security (IICS)
reported that a Google Nest user was the victim of racial slurs sent through
this device. After an investigation, the company determined that the incident
occurred due to a data breach on external websites.

Comments are closed.