Are your smart appliances spying on you? In the past few weeks, the national news in the US has been filled with stories of families being terrorized by strangers through their Ring camera systems. The compromise of the camera systems was due to the re-use of previously compromised username/password combinations and the lack of two-factor authentication. The hacking of Ring cameras has been so easy that dumps of compromised accounts have been appearing on the dark web.
Ring has somewhat thrown its users under the bus for using compromised passwords, but at the same time Ring has not implemented some of the security protocols that other companies use to detect unauthorized logins. For example, when you log in to Google from a new location, you get an email letting you know that a new login or device has been detected. Ring does not have that. Also, when you set up an account, you are asked to verify your email address but are not prompted to enable two-factor authentication (2FA), which would block unauthorized access.
I had the opportunity to test out how easy it is to compromise a Ring account with Enzo Marino from Fox5 Las Vegas. I quickly set up an account with Ring using my email address and the good ol’ password of “12345678” and shared those credentials with Enzo. With my username and insecure password, Enzo logged into my account and went through all the information I had in my account, and even saw that he could change my password if he wanted. We also checked out the website “Have I Been Pwned” (haveibeenpwned.com), where I showed him that my personal email credentials had been compromised a total of eight times (Thanks Yahoo!, LinkedIn, and others!).
There have also been stories of hacked Nest Hub systems, where an attacker was able to compromise a family’s Nest and proceeded to blast loud, offensive music at the family and turn up the temperature of their thermostats.
Smart toys and baby monitors are also vulnerable to hacking; you can read more on that in our post “The Dangers of Internet Connected Toys”.
Here are a few things that parents can do to help secure their smart home technologies:
- Immediately change the username and password of the device, if possible
- Use strong, unique passwords. Don’t trade security for ease of use
- Enable two-factor authentication for account access and account changes
- Put your smart devices on a separate wireless network from your computers
- Turn off location tracking or restrict as much as possible
- See if there is a way to disable two-way communication
- Disable cameras and microphones or tape over/cover cameras
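
The account takeovers above came from re-used, already-breached passwords, so here is an added example (not from Ring or from the original post) of the check a sign-up form can run to refuse them. It follows the "SUFFIX:COUNT" response format of the Have I Been Pwned password range lookup; the function names, the length threshold and the sample response are constructed for illustration, and nothing is sent over the network.

```python
import hashlib
from typing import Tuple

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query_prefix(password: str) -> str:
    """First 5 hex characters of the SHA-1 hash. In a range lookup this is
    the only part that leaves the machine; the password itself never does."""
    return sha1_hex(password)[:5]

def breach_count(password: str, range_response: str) -> int:
    """Compare the remaining 35 hash characters locally against the
    'SUFFIX:COUNT' lines returned for the prefix. 0 means not found."""
    suffix = sha1_hex(password)[5:]
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_response(known_bad: str, count: int) -> str:
    """Build a sample response (constructed data, not real breach counts)
    that contains known_bad between two decoy entries."""
    real = f"{sha1_hex(known_bad)[5:]}:{count}"
    return "\r\n".join(["0" * 35 + ":3", real, "F" * 35 + ":1"])

def accept_password(password: str, range_response: str,
                    min_length: int = 8) -> Tuple[bool, str]:
    """Sign-up policy: long enough AND never seen in a breach.
    min_length=8 is an assumed threshold for this example."""
    if len(password) < min_length:
        return False, "too short"
    seen = breach_count(password, range_response)
    if seen > 0:
        return False, f"seen in {seen} breached records"
    return True, "ok"

# Constructed sample: what a lookup for the prefix of "12345678" could return.
SAMPLE = constructed_response("12345678", 1000)

if __name__ == "__main__":
    for pw in ("12345678", "correct horse battery staple"):
        print(repr(pw), range_query_prefix(pw), accept_password(pw, SAMPLE))
```

A password like "12345678" passes a length-only rule but fails the breach check, which is the gap that password re-use attacks rely on.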