Hackers have compromised Ring security cameras, which in theory could allow third parties video and audio access to millions of homes.
There have been several recent incidents of hackers gaining access to Ring cameras in the United States. These cyber intrusions include harassment of residents with racial slurs via the camera’s built-in speaker, bitcoin ransom demands and inappropriate communication with children.
One Ring customer reported an incident involving a hacker who used the device to speak to her 8-year old child. He claimed to be Santa Claus.
Motherboard has confirmed that dedicated software for hacking into the cameras is currently available for purchase on dark web forums. Rather than exploiting a specific vulnerability, this software utilizes brute force credential-stuffing attacks that run through a series of usernames and passwords from other breached accounts until one of the combinations is successful.
Ring acknowledged the incidents, but placed the blame on poor password security.
“[W]e have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network,” the company said in a statement. “Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.”
In the same statement, Ring encouraged users to implement two-factor authentication to secure their devices, but doesn’t require it for installation and configuration.