Ring Camera Hack: How to Know If Your Home Camera Is Compromised

The Ring camera recording from the corner of your room may be intended for security, but what happens when an unwanted visitor sneaks into the live-feed? In recent weeks, several users in the U.S. found out—with accounts accessed by strangers and used to spew racist slurs, blare alarms and have creepy conversations with children. Is there any way to know if the surveillance device is actually being used to spy on you? It's good news and bad news: Steps can be taken to bulk up account security, but it appears Ring cameras are lacking some key anti-hacking precautions. In a series of tests conducted by Motherboard earlier this week, the back-end cybersecurity of Ring user accounts was found to be somewhat lacking. They do not offer a way to see how many users are logged in, do not check user passwords against lists of known compromised credentials and fail to question unknown IP addresses. In a physical sense, the only real way to check if a camera is peering at you is to look for the light on the device. Robert Baptiste, a security researcher who has analyzed Amazon-owned Ring in the wake of recent intrusions, told Newsweek there is little way of knowing if a camera is actively hacked. "Two-factor authentication is more than needed," he said when asked about the security of the internet-connected cameras. "People have to understand that they will not have any privacy with this kind of product. The best recommendation is to change the password and enable 2FA." His suggestion aligned with the response to the intrusions from Ring, which blamed the wave of unauthorized access on password reuse. It denied suffering a data breach, although Buzzfeed reported yesterday that thousands of compromised Ring credentials were found online. A Ring spokesperson has been contacted for comment. In a blog post on December 13, the company advised users to use two-factor authentication, add shared users and create stronger passwords. It said "additional security features" would be introduced for accounts and devices, but did not elaborate on what they would be. It said: "Recently, we were made aware of an incident where malicious actors obtained some Ring users' account credentials from a separate, external, non-Ring service and reused them to log into some Ring accounts. Unfortunately, when people reuse the same username and password on multiple services, it's possible for bad actors to gain access to many accounts." "Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Out of an abundance of caution, we encourage customers to change their passwords and enable [2FA]," it added. Until Ring forces greater cybersecurity on everyone by default, users are advised to change their login details and turn on 2FA, which means the owner needs to have two separate codes before account access is granted. In theory, the process bulks up security significantly. Any users who are concerned their credentials have been compromised can use the free online service "Have I Been Pwned" to check if the details have previously been leaked in a major data breach. A password manager can also be used to generate and store a unique password. The victims of recent intrusions only found out their accounts were accessed after a voice started blaring from the speakers or their child screamed for help. Baptiste told Newsweek it was not surprising to hear the news, as web-connected devices have famously weak security. "In general, security is terribly bad for this kind of device," the researcher said. When asked how users can stay safe, he added: "Don't buy a Ring camera is also good advice." That mirrored the stance of a collective of privacy campaigners, who claimed earlier this week that Ring devices pose a risk to familes and the public. In its blog post last week, Ring said: "Customer trust is important to us, and we take the security of our devices and services extremely seriously. As a precaution, we highly encourage all Ring users to follow security best practices to ensure your Ring account stays secure."