Doorbell Security Cameras Not So SecurePosted: January 17, 2020
When parents hear, “Mommy!” yelled from their child’s room, it’s usually the result of a minor ouchie, or perhaps a stomach ache.
But, for recent users of doorbell security cameras, hearing, “Mommy!” come from their daughters’ bedroom turned their dreams of 'peace of mind' into a nightmare.
Hackers have recently been gaining access to users’ homes via their systems’ two-way talk features. Two-way talk allows users to see what’s going on in their homes and talk to the occupants from a remote location via smartphone or tablet.
One recent attack involved an 8-year-old girl who was told by a male voice over the Amazon Ring security camera in her bedroom that he was Santa Claus and wanted to be her friend—all after calling her racial slurs and telling her it was OK to mess up her room and break her television.
The frightened girl could be seen and heard calling for her mother in the video provided to the media.
In another instance, a woman was awakened while sleeping in her bedroom by a strange voice coming from her Ring security camera. The voice was yelling for her to wake up and calling her dog.
Google’s Nest Cam security cameras are not immune to hackers, either.
One couple experienced hearing a man’s voice over the camera system. It was talking to their baby and then yelling obscenities at them before asking why the homeowners were looking at him (the crook). They also reported that the hackers had made adjustments to their thermostat.
In yet another Nest Cam incident, hackers warned a family about a supposed North Korean missile strike.
A spokesperson for Ring told The Washington Post in a recent statement that the Santa incident “is in no way related to a breach or compromise of Ring’s security. Customer trust is important to us and we take the security of our devices seriously.” They added that the hackers “often re-use credentials stolen or leaked from one service on other services.”
Nest’s parent company, Google, told CBS News that Nest’s system was not breached, adding that reported incidents stem from customers “using compromised passwords … exposed through breaches on other websites.”
The Ring spokesperson told the Post, “Consumers should always practice good password hygiene and we encourage Ring customers to change their passwords and enable two-factor authentication.” To prevent these incidents from occurring, CNET.com urges companies to require two-factor authentication (2FA), not just suggest using it.
“2FA would need a second form of identity, often a one-time code sent to a phone after a username and password are entered, or a physical token that’s plugged in,” according to CNET.
The report adds that hackers are using a technique called credential stuffing, a practice of acquiring lists of stolen usernames and passwords and then trying to use them on different accounts. Software tools have been created to specifically hack Ring cameras.
Ring’s representatives told Vice, “As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords.”
Take precautions before hackers take your peace of mind via your home security system.