Facebook Twitter

Here’s what you need to know about recent Amazon Ring hacking cases

Do home security devices make you safer or put you more at risk?

SHARE Here’s what you need to know about recent Amazon Ring hacking cases
merlin_715355.jpg

A Ring video doorbell is pictured in South Salt Lake, Utah, on Thursday, Jan. 2, 2020.

Kristin Murphy, Deseret News

SALT LAKE CITY — A California lawsuit filed Dec. 26 details eight alleged instances of Amazon Ring security devices being hacked by strangers who taunted children, yelled racist obscenities or threatened to kill device owners via the two-way speaker system.

John Baker Orange from Jefferson County Alabama, who filed the class action suit against the California-based company, claims his three children, ages 7, 9 and 10 were playing basketball in their driveway when a voice came over the Ring camera installed over the garage. The unknown voice commented on the kids’ basketball game and encouraged them “to get closer to the camera,” according to the lawsuit.

While gadgets like Ring cameras are designed to make homes safer, people like Orange say they put families at risk.

“Ring does not fulfill its core promise of providing privacy and security for its customers,” reads the lawsuit, which comes amid increasing concern over tech companies like Google, Apple and Amazon listening in on recordings from home assistant devices and collecting personal data from the ever-expanding “Internet of Things,” which includes Wi-Fi enabled lightbulbs, smart refrigerators and even monitors that tell you when to water your plants.

Ring is a home security company that was acquired by Amazon in 2018 and sells devices that range from a $34 flood alarm to a $499 video doorbell that lets users “see, hear and speak to visitors” from anywhere. A Ring spokesperson said in a statement to the Deseret News that the company does not comment on legal matters. “Customer trust is important to us and we take the security of our devices seriously,” the spokesperson said.

Customers like Grant Allen, a 35-year-old urban planner who lives in Salt Lake City, say their Ring devices make them feel more secure. Allen installed an outdoor security camera after a shed behind his home was broken into for the third time in five years. He hopes that if another break-in occurs, the footage will help identify the culprit.

While Allen is aware of recent hacking cases, he feels confident in owning a Ring device because he has followed advice from cybersecurity experts, like using a strong, unique password and enabling two-factor authentication, which requires more than one action to log into an account.

“There is still the risk,” said Allen. “I suppose it’s a risk I am willing to take for the idea of feeling more secure.”

Who is responsible?

In December, Ashley LeMay from DeSoto County, Mississippi, shared footage with CNN affiliate WMC that showed an unknown voice taunting her 8-year-old daughter via a Ring device set up to monitor the girl’s bedroom.

LeMay initially installed the camera and two-way speaker system so she could check in on and even talk to her kids while she was away from home, according to WMC. But someone hacked LeMay’s account so they were able to see, hear and talk to the kids as well.

“I’m Santa Claus. Don’t you want to be my best friend?” the voice says to the visibly scared child in a recorded video.

“They could have watched them sleeping, changing. I mean they could have seen all kinds of things,” said LeMay, who admitted to WMC that she had not enabled two-factor authentication on the device. Since the incident, the family has taken additional steps to increase security, including setting their Wi-Fi so it is no longer visible to others, according to WMC.

A Ring spokesperson said in a statement to the Deseret News that the company has investigated reported incidents like this one and that “malicious actors” who gained access to account credentials are responsible for the hacking incidents. There is no evidence that Ring’s system or network was compromised, the spokesperson said.

Ring’s statement says, “when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.

“Consumers should always practice good password hygiene and we encourage Ring customers to enable two-factor authentication and change their passwords,” the statement reads.

But the Orange lawsuit says Ring is wrongfully placing the blame on users. The company could do more to encourage users to choose strong passwords and set up two-factor authentication; it could also alert users of attempted log-in from unknown IP addresses and require unique account names rather than using e-mail login, the lawsuit claims.

Vice’s Motherboard called Ring’s tech security “awful.” Journalists there looked at online forums and found that hackers have developed special software for breaking into Ring security cameras by quickly sorting through compromised email addresses and passwords. Some hackers have even shared their intrusions into other people’s homes on a podcast called NulledCast that was livestreamed to the messaging app Discord. In one episode, a hacker called Chance startled a Florida family with loud noises and harassed them with racist comments, Motherboard reported.

According to Motherboard, Daniel Cuthbert, global head of cybersecurity research at the multinational bank Banco Santander, said of Ring, “They are worth billions, so where is the investment in security?”

Police surveillance

Ring made headlines last year with reports the company has partnerships with more than 600 police departments around the country, allowing law enforcement to “quickly request and download video” recorded on Ring devices through the Neighbors Portal tool, as reported by The Washington Post. Neighbors is a free app from Ring that allows community members to share security footage and safety related information.

The Nassau County Police Department in New York is one of the agencies partnering with Ring to catch package thieves, otherwise known as “porch pirates” as well as people who break into vehicles, ABC reported.

In September, Sen. Edward J. Markey (D-Mass.) wrote a letter to Amazon CEO Jeff Bezos expressing serious concerns about user privacy and potential civil liberty violations.

“If you’re an adult walking your dog or a child playing on the sidewalk, you shouldn’t have to worry that Ring’s products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties,” Markey said, as reported by ABC.

The company responded to Markey’s inquiry by affirming that users can decline sharing footage from their device with police (unless compelled to do so with a legally binding search warrant). There are few restrictions on what police can do with the footage, or who they can share it with, once it’s in their hands, however.

In a follow-up response, Ring stated, “protecting the security and privacy of our users’ video recordings is paramount.”

Despite privacy concerns, Kyser Lough, 36, from Athens, Georgia, decided to get a Ring doorbell when he moved from an apartment to a house because he was worried about package thievery in his neighborhood.

“The whole police thing is part of why we were apprehensive about the Ring and cloud-based home surveillance in general,” said Lough. “It’s a slippery slope, and I worry about where things are trending.”

Lough said he saw a video post in the Neighborhood app that showed a guy walking up to a house with beer under his arm, ringing the doorbell and then walking away.

“Could’ve been casing the place, or maybe he was at the wrong address for a party. But regardless, now his face is out there,” Lough said.