Is Your Smart Camera System Spying on You?

Are your smart appliances spying on you? In the past few weeks, the national news in the US has been filled with stories of families being terrorized by strangers through their Ring camera systems. The compromise of the camera systems was due to the re-use of previously compromised username/password combinations and the lack of two-factor authentication. The hacking of Ring cameras has been so easy that dumps of compromised accounts have been appearing on the DarkWeb.

Ring has somewhat thrown its users under the bus for using compromisedpasswords but at the same time, Ring has also not implemented some securityprotocols that other companies have to detect unauthorized logins. If you thinkabout when you log in to Google from a new location, you get an email lettingyou know that a new login/device has been detected. Ring does not have that.Also, when you set up an account, you are asked to verify your email addressbut not prompted to enable two-factor authentication (2FA) which would block unauthorizedaccess.

I had the opportunity to test out how easy it is to compromisea Ring account with Enzo Marino from Fox5 Las Vegas. I quickly set up anaccount with Ring using my email address and the good ol’ password of “12345678”and shared those credentials with Enzo. With my username and insecure password,Enzo logged into my account and went through to see all the information I hadin my account, even that he could change my password if he wanted. We alsochecked out the website “Have I Been Pwnd” (haveibeenpwned.com) where I showedhim that my personal email credentials had been compromised a total of eighttimes (Thanks Yahoo!, LinkedIn, and others!)

There also has been stories of hacked Nest Hub systems where an attacker was able tocompromise a family’s Nest and proceeded to blast loud, offensive music to thefamily and turned up the temperature of their thermostats.

And smart toys and baby monitors are also vulnerable tohacking, you can read more on that in our post “The Dangers of Internet Connected Toys”.

Here are a few things that parents can do to help secure yoursmart home technologies:

• Immediately change the username and password ofthe device, if possible
• Use strong, unique passwords. Don’t trade easeof use for security
• Enable two-factor authentication for accountaccess and account changes
• Put your smart devices on a separate wireless networkthan your computers
• Turn off location tracking or restrict as muchas possible
• See if there is a way to disable two-waycommunication
• Disable cameras and microphones or tape over/covercameras