Ring indoor cameras are supposed to help keep us safe but, after a recent rash of hacks, it's time to ask if the risk is worth it.

By Kristi Pahr
December 30, 2019

Ring devices have been all over the internet lately—saving suburbia from porch pirates out to steal packages and helping identify people up to no good. But, unfortunately, most of the attention over the last few weeks hasn’t been because the devices increased neighborhood security. In fact, it’s been just the opposite. Ring has been on the receiving end of a whole boatload of negative press due, ironically enough, to security concerns.

Parents are also using these devices, but not to protect their deliveries and keep watch on their driveways—they're installing them indoors to help keep an eye on their kids—a nanny-cam for the new generation. Simple to use and install, indoor Ring cameras seem like the perfect solution and can provide a bird's eye view of what's going on in your kid's room.

Several reports have come to light recently of the devices being hacked, leading to inappropriate interactions with children, racial abuse, and demands of ransom. Most disturbingly, the victims of the hacks had no idea they were being watched or for how long. The cameras, touted as providing a frontline defense for home security, had been installed in bedrooms and living spaces, allowing hackers a birds-eye view into the private lives of their victims, some of whom were children.

In response to the flurry of negative media attention, Ring advised users to change their passwords and enable two-factor authentication, but many think the company, owned by Amazon, should be doing more to protect the privacy of their customers and not put the bulk of the responsibility of protection onto consumers who may not understand the risks involved when installing internet of things (IoT), cloud-based devices in their homes.

To separate fact from fiction and help people understand how best to avoid these terrifying scenarios in the future, here’s what parents should know about Ring cameras and how to stay safe.

Courtesy of Ring

How Do Indoor Ring Cameras Work?

Easy-to-use and with no need to install wiring, indoor Ring cameras plug into existing wall outlets and connect to your home's WiFi. Owners must set up an account on the Ring website and provide payment information for ongoing subscriptions, but once account setup is complete the cameras are ready to go.

Ring cameras allow two-way communication, night vision, and connect with an app on the owner's phone, so parents can see what's going on and talk to kids in another room without having to yell through the house for kids to get ready for dinner or clean up their room. Sounds like a dream come true, right?

How Secure Are Ring Devices?

According to Ring, the recent attacks were all password-based. Hackers used software to parse username and password combos until they hit the right combinations to access the cameras. PCMag Software Security Analyst, Max Eddy explains, “The reports I have seen around the Ring attacks suggest that attackers brute-forced accounts using software that simply cycled through stolen login credentials from other sites. If someone used the same credentials on their Ring account, the attacker was able to get in.” Login credentials are stolen during data breaches then compiled in various dark web locations, allowing hackers to gain access to lists, usually for a fee. If consumers use the same password for several different websites, hackers are able to match the stolen credentials to current website logins and gain access. 

“If a customer used a unique and complex password and enabled two-factor authentication, it seems likely this attack would not be successful,” states Eddy. “While this puts some of the onus on customers, I would argue that Ring could have done more to secure the accounts of its customers. The company could have required users to enable two-factor authentication when they created their accounts. These cameras provide a view into our most intimate spaces, and the account security features should be accordingly robust.”

What Consumers Can Do to Protect Themselves

Update Passwords

Changing your password to a long, complex password would go a long way to prevent hacks likes the ones recently in the news, says Eddy. “That said, there are a variety of ways to attack IoT devices, including Ring cameras. A phishing attack, for example, could trick users into willingly handing over their login credentials. These attacks work by sending convincing emails and using phony sites designed to mimic legitimate ones,” he explains. “It's a good idea not to follow links sent via email, and instead navigate directly to the site and login that way. If people receive suspicious messages about account information, they should contact the company directly to confirm.”

The number one way to keep yourself safe is to work on your security habits. Instead of using the same password across multiple platforms, switch it up to something unique for each site. “Remembering passwords, especially strong passwords is really hard which is why so many people reuse their passwords,” explains Eddy. “Instead, we recommend using a password manager. This is software that creates, stores, and automatically inserts hard to crack passwords. There are several excellent services out there, but most browsers and operating systems include the ability to create and store unique passwords.”

Use Two-Factor Authentication

Eddy explains that usually, accounts use just a password, but enabling two-factor authentication provides another level of security. ”When you enable two-factor authentication, you use a second method in addition to the password," he says. "Usually, this is a one-time use passcode sent via SMS (text message) or generated from an app. That way, even if an attacker is able to guess or obtain your password, they'll still have to find a way to get past the second-factor requirement.” 

The convenience and appeal of IoT devices are pretty universal. They’re simple to use and they definitely help to simplify our lives, but the risks are quite real. Following these few simple safety protocols can diminish those risks until the tech companies catch up with the dangers and enact adequate back-end protocols to protect consumers.

Advertisement

Comments

Be the first to comment!