Previous Hacking and Vulnerabilities with Ring DIY Camera Devices
A discovery made last year by Bitdefender security researchers uncovered a critical vulnerability with Amazon-owned Ring DIY camera doorbells . Researchers show that WiFi passwords were being sent in clear, unencrypted text for the network the Ring device was connected to, leaving thousands of networks unprotected and open to cybercriminals.
Amazon states that the vulnerability was patched in September, but only publicly disclosed this vulnerability in the first week of November.
Despite this, Ring has experienced ongoing vulnerabilities, with several hacks taking place in December. One such incident woke a customer’s mother-in-law, with voices using vulgarities, calling for her and asking her to respond. After investigating the incident, they found no evidence of a compromise to Ring’s network or system. A Ring spokesperson stated, “We were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., user name and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts.”
Amazon’s Attempts to Remedy
In a letter to lawmakers, Ring disclosed that it has since fired four employees for abusing access to user video data. Ring has ultimately responded to these incidents by sending a mass email to customers, reminding them to enable multi-factor authentication, which verifies identity by sending a code by text, call or email. While this authentication method is required for new accounts, Ring stated in an article with The Verge, “the reason it hasn’t turned on two-factor authentication for all existing users is because that could lock current customers out of their cameras, cameras they may rely on for security.”
These security vulnerabilities come on the heels of previous scrutiny over Ring devices being used by law enforcement. Police have been able to access footage from various Rings devices using a companion app, which allows people to share video clips recorded by their devices publicly. However, they have also asked Ring to share addresses, names and email addresses, something not normally provided.
ASI and Professional Monitoring
Self-monitored DIY devices, like Amazon’s Ring cameras and video doorbells, fall short in many ways compared to professionally monitored systems. ASI partners with a certified Five Diamond monitoring center, providing our customers the best in professional home, business, and video security. All Systems Integrated is serious when it comes to the companies and products we work with. We hold ourselves to a high standard, working with tested products that use the latest encryption methods. Our technicians have years of experience in the IoT industry, ensuring your system is installed properly. Learn more about how we provide safe, professional monitoring on our website, or call our office at (253) 770-5570.