NORTH TEXAS (CBSDFW.COM) — It’s a device meant to give owners peace of mind. But smart devices such as Ring security cameras are becoming an easy target for hackers.
In a video that’s now gone viral, a stranger used a Ring camera to speak directly to a young girl in Memphis.
“Who is that?” asked the girl, alone in her bedroom.
“I’m your best friend, I’m Santa Claus,” the man responded.
Ring allows users to view their home security footage from any location, at any time. But the reality is, so can anyone else.
“Consumers purchased this because they wanted the visibility of their own privacy,” said Tim Shelton, the Chief Technology Officer at Hawk.io. “I think the dichotomy of that is you expose yourself to other people doing that, as well.”
Shelton is also a professional hacker who goes by the name, “Redsand.”
It’s not just your Ring camera at risk. Anything connected to your home network, such as smart TVs, smart locks and even smart refrigerators, could be susceptible to outside interference.
Shelton said all that’s needed to access these devices are user credentials. That’s why he said the best defense is simply changing passwords often.
He said Ring customers should also enable two-factor authentication on their accounts to ward off hacking attempts.
“It decreases the likelihood significantly,” Shelton said.
With two-factor authentication, accounts can only be accessed with a code sent to a specified cell phone.
Here are other tips on safeguarding your home’s smart devices:
- Never incorporate personal information, such as your birth date or address, into your password.
- Never use the same password for multiple accounts.
- If multiple people share access to your Ring account, create a different log-in and password for each user. That will limit exposure to bad actors in the event of an attack.
- Avoid purchasing used home surveillance equipment. If you do buy used home surveillance equipment, reset the device to its factory settings.
Ring issued a statement in response to the incident in Memphis this week:
“Customer trust is important to us and we take the security of our devices seriously. Our security team has investigated this incident and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.
Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts. Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.
Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Consumers should always practice good password hygiene and we encourage Ring customers to change their passwords and enable two-factor authentication.”