Wednesday, December 18, 2019

Why Ring can’t just blame users for those home-invading camera ‘hacks’

Photo by Dan Seifert / The Verge

If you’re thinking of buying a Ring camera for someone as a holiday gift, read Motherboard’s deeply unsettling coverage first. Maybe you’ve heard about the podcast where people spy on homeowners’ Ring and Nest cameras for laughs? Motherboard decided to test how easy it might be to access someone’s Ring devices specifically.

Their reporters found Ring has failed to put in place some basic security measures that could protect users’ privacy. I mean, if I log into Gmail from a new browser, I get a text message and two slightly panicky emails. Motherboard found that Ring doesn’t even do that much.

Reporter Joseph Cox details how his colleagues were able to watch him getting ready for work, just by having access to his email address and Ring password, even though they were logging in from unfamiliar IP addresses. Not to mention that once an intruder is in your Ring account, they not only have access to a camera’s live stream, they can watch any videos that have been saved to your Ring account.

If you want to put a Ring on it, securing the device may be up to you

This is not the local TV sweeps week “you’re not safe anywhere” story, and that’s why it resonates so strongly: the reporters ask security experts what’s missing from Ring’s security measures, detailing each small thing. For example, Ring doesn’t check if your password was swept up in a hack elsewhere. It doesn’t send notifications to your phone to make sure a log-in is legitimate. And if someone who manages to find your password accesses your Ring account, there doesn’t appear to be any record of it. So an unwelcome guest could be watching you and you’d never be the wiser. It’s a methodical, careful look at the small things Ring (and other companies; it’s not just Ring) could be doing to make its cameras more secure, but isn’t.

There are things you can do, too, as Ring points out in a recent email to customers: you can turn on two-factor authentication (2FA), which lets you verify each login attempt with a button or code instead of relying on passwords alone. You can also check to see if some of your passwords were already part of a major breach.

Read the full rundown of Ring’s problematic security protocols at Motherboard. Brace yourself to be more than a little freaked out.

Original Article ©Copyrights

No comments