Over the last few weeks, the media published stories about hacked Amazon Ring devices that allow hackers to get unauthorized access to consumer video monitoring devices such as Amazon Ring. One of the warnings recently issued from Fight For The Future stated that Amazon Ring cameras are not safe. The consumer group quoted a report from VICE saying that there is a growing black market for software to hack ring devices, likely being purchased by stalkers, cybercriminals, and those wishing to harm children.
The incidents that involved Amazon Ring cameras over the last few weeks are undoubtedly awful – a stranger ended up talking to an 8-year old girl from Mississippi telling her that he is Santa Claus while watching her roam around in the room. Similar incidents happened in Florida, Georgia, and Connecticut too. So briefly, creeps are indeed able to find their way into people’s lives through Amazon Ring devices. However, this does not necessarily mean that Amazon Ring can be easily hacked. The company issued a statement saying that Ring’s services have not been compromised and completely denied all the allegations seen in the media recently.
So how are those strangers able to get access to the video feeds of devices such as Amazon Ring?
The answer is painfully short – poor password hygiene. Technically, Amazon Ring cameras are not hacked – the login details used to access those devices are. Users who experienced security incidents simply did not use a unique password and username when signing up for Amazon Ring.
Over the last decade, there have been multiple high-profile data breaches; the login details of billions of people have been leaked. If you tend to reuse a password, very often the question is not if the password has been stolen in the past, but how many times it has been taken. Our investigation shows that even right now, the dark web is full of hackers claiming to sell stolen login credentials, and literally, anyone can purchase those files. Once those stolen credentials end up in the wrong hands, bad actors can start matching the stolen login details with accounts by Amazon or Nest. Most of the times, they will find a match pretty easy.
So why is Amazon Ring under so much scrutiny?
Consumer groups say that companies such as Amazon Ring should start being more pro-active in educating the people about the importance of maintaining good password hygiene and enforce the 2-step authentication offered in the Ring app’s account settings. The extra layer of security would prompt Amazon to send a text message via phone with a unique code whenever the account owner or someone else attempts to log into a Ring account and is asked for your Ring password.
The chances of you becoming a victim are slim as long as you use strong and unique passwords, and you have antivirus software installed on all your smart devices. Apart from offering password management tools, antivirus software is also helpful as hackers do not like it when they have to work hard. Even if they target you, they would most likely move on to the next potential victim if they see that you have multiple layers of security.