Despite being really useful, smart devices can be exploited for disrespectful purposes. This is the case of a family from Florida, US, who shared images of the moment a stranger accessed their Ring security system to send them racial slurs, information security specialists report.
Over the last weekend, the family was at home when the unauthorized user forced an alarm to be set on throughout the house, and then began to throw insults at family members.
In the video it can be heard the teenage voice of the alleged hacker, asking parents to search for a website, which they refused to do: “I’ll leave your family alone, or maybe you could do this,” the hacker said before resounding the alarm. The attacker subsequently tried to read a URL, but was unable to complete its action, as the parent removed the batteries from the device to immediately deactivate it.
In an interview for NBC, Josefine Brown, an affected family member, said she believes that the person responsible has been watching his family for a considerable time: “He knew we have a child, the only explanation is that they’ve been watching us for a long time,” the mother says.
As for the device compromised during this incident, it is manufactured by the Ring company, owned by Amazon, which develops home security systems with WiFi capabilities and control through a mobile app, information security specialists mentioned.
A couple days later, the affected family stated that Ring has already identified a potential data breach in some external service, a situation that put their login credentials to the surveillance system within the threat actor’s reach. In addition, the company advised the family to perform a reset of their login credentials, suggesting that the incident would have to do with the use of the same password on different online services or platforms.
In this regard, Ring released a statement mentioning: “The trust of our users is essential, as is the security of each of our devices. After investigating the incident, we will begin implementing the necessary steps to improve the user experience.” The company also ruled out that the incident stems from a security breach in its systems.
Ring users can implement multi-factor authentication to add more protection to their systems, so a user trying to log in will need to provide the system password, in addition to a code sent by the company, usually via SMS, to verify that the login attempt is legitimate.
Matt Walmsley, from information security firm Vectra believes that the most important measure to prevent cases like this is securing user passwords: “Preventing passwords from being compromised in breach incidents data is vital, as any hacker can access filtered data sets and try to access multiple platforms or services using stolen information, which becomes more dangerous if people use the same password in more than one service.”
A few weeks ago, Bitdefender experts discovered the presence of a vulnerability in one of Ring’s solutions that, if exploited, would allow a hacker to extract the device administrator’s WiFi network access credentials. Ring responded by announcing a security update, although it appears that this has not been enough to protect users from unauthorized access.
This is not the first time a hacker group compromises security in one of these systems. A few months ago, information security specialists from the International Institute of Cyber Security (IICS) reported that a Google Nest user was the victim of racial slurs sent through this device. After an investigation, the company determined that the incident occurred due to a data breach on external websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.