Ring lacks basic security features, making it easy for hackers to turn the company’s cameras against its customers.
Joseph Cox for Vice’s Motherboard:
It’s not so much being watched. It’s that I don’t really know if I’m being watched or not.
From across the other side of the world, a colleague has just accessed my Ring account, and in turn, a live-feed of a Ring camera in my apartment. He sent a screenshot of me stretching, getting ready for work. Then a second colleague accessed the camera from another country, and started talking to me through the Ring device.
“Joe can you tell I’m watching you type,” they added in a Slack message. The blue light which signals someone is watching the camera feed faded away. But I still couldn’t shake the feeling of someone may be tuning in. I went into another room.
My colleagues were only able to access my Ring camera because they had the relevant email address and password, but Amazon-owned home security company Ring is not doing enough to stop hackers breaking into customer accounts, and in turn, their cameras, according to multiple cybersecurity experts, people who write tools to break into accounts, and Motherboard’s own analysis with a Ring camera it bought to test the company’s security protections…
Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in—entirely common security measures across a wealth of online services.
MacDailyNews Take: If you have a Ring device, at least make sure you are using two-factor authentication.
Another option for a privacy “leak.” The world doesn’t need another pair of this kind of eyes.
Hey, it needs to be this way if Amazon is to share your feed with local law enforcement…
Why can’t such devices be regarded as Trojan Horses and publicly be identified as such?
Hey, here’s an idea. Don’t set up “security” cameras in every room inside your freaking home… 🙄
So let me get this straight…
Somebody with the correct user name and password was able to access an account?
Why is this newsworthy?
That’s some CIA-level hacking, for sure!
This is horseshit. This is stupid people who use password as their password, don’t use 2FA, and are generally naive and brain dead when it comes to tech, then blame the company due to their stupidity.