Recent story about hackers and internet security cameras: “She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.”
@Scotty I moved this to its own thread because I think it’s pretty important, given the popularity of Ring Cameras… people need to see this
See? This is what I’ve been on about!
This is part of the problem here:
For LeMay, who works overnight at a hospital as a laboratory scientist, the cameras not only gave her “peace of mind” but also helped her children feel safe.
There’s a HUGE difference between feeling safe and being safe… and when we can’t tell the difference, we can make some pretty poor choices
So far, I think every one of these hacking stories I’ve read also say about they had an unsecured network, or password as their password.
YES, and Amen!
I was reading about this “recovered” peeping Tom’s story (I know this throws the subject to a different type of security features) BUT do people (Victims are majority of time women) not realize you are 10x more likely to have a peeping Tom in your neighborhood than to be victims of property theft or home invasion (Sorry for my Toms out there, we don’t mean you, as I’m certain your aware its name for them)
Moreover single women are more likely to be a victims of this sexual crime. Are you securing the property with lights, cutting down hiding places, and lastly do you have curtains?
The author went on to say that one of the first of many times he did it, he turned around and there was a guy behind him! Well assuming he was caught he took off…but later would cross with him again and before too long there was three men that were performing these sickening acts together with him. In other words, they were a group of predators.
He went on to say that no one ever called the police on him for the longest time and when finally caught he was only charges with Trespassing.
Sorry I’ve messed the topic up!
But thought it important to make SURE you really are safe!
A big point that people are missing is when reading this article is that they did not hack the camera itself. They hack the account that had access to the camera. Also they were able to hack the account because she did not setup two factor authentication.
With the computing power that PC’s have today complex passwords can be cracked in second by hackers.
OK so in addition to be a gun guy I am a computer geek as well. I have investigated this incident and it was NOT Ring hacked but a careless user with poor account habits. Most will not use a password manager as I do, but you have to realize that it is important to have a solid password, WHICH IS USED NOWHERE ELSE. In addition almost everyone has a cell phone now and Ring (other mfg’s as well) offers two factor authentication. This means that for a hacker to gain access they would need to know your password and also to get the six digit code sent to your phone by Ring when joining the network. Simple to be safe, but so many are careless and in fact clueless about their poor habits. This is not a computer forum so I won’t elaborate but there is much you can do to isolate access from non-LAN connections.
Hey, @glockguy, when would you recommend an app like Dashlane or should I scrap it and write down all my passwords?
I recommend an app called KeePass. There are many similar apps on the market, but this one I can confirm uses sufficient encryption on it’s database. Also, always use 16 character password which include a special character and a number. I recommend using passphrases as a way to make friendly yet complex passwords. A sample might be “USCCAblogsEvery1Day!”
Either one of the password mgrs you suggested is decent. The magic of a well run password mgr is that you only have ONE password to remember (the Master Password, which grants access to the data file containing your whole collection). That in conjunction with a solid two factor authentication means there is virtually zero chance of someone getting at your vault. My data file is stored on Microsoft Azure cloud but nothing leaves my device before being locally encrypted so even a “hack” of the server would leave the hacker with ZIPPO! I can access my data from any computer in the world IF I know my password and have my physical U2F key in my hand. No physical key and I am hopelessly locked out, as even my provider would be. BTW I use Bitwarden because they support Linux and all my machines are running 100% linux.
The better password mgrs will auto generate very complex passwords, which again you do NOT need to remember. With over 100 accounts I don’t even know one single password other than my Master Password. NO repeats on any account, which is another key to your security.
I don’t know if Admins want to turn this great forum into a computer security thread running on and on. Its my passion but I reserve some content not wanting to “fork” off of the purpose for which this forum exists.
Here’s an interesting breakdown of what that Ring camera is doing with your data:
Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system. In the past, we’ve illuminated the mismanagement of user information which has led to data breaches, and the attempt to place the blame for such blunders at the customers’ feet.
This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship. As we’ve mentioned, this includes information about your device and carrier, unique identifiers that allow these companies to track you across apps, real-time interaction data with the app, and information about your home network. In the case of MixPanel, it even includes your name and email address. This data is given to parties either only mentioned briefly, buried on an internal page users are unlikely to ever see, or not listed at all.
When it comes down too it…Ring is liable!
(In my opinion)
(1) Its server is theirs to maintain no matter the losing battle it may be or not (Hacked or not) Example, when Experion was hacked, it was not the “hackers” responsibility to reimburse damages to me & millions of other Americans.
I know people actually suffers damages that were “tangible” but so did families! Think about the private stuff they could have RECORDED!
Ring will have to pay up for damages no matter if they like it or not in my opinion. Plus no matter what the victims are asking it can never give them their privacy back!
I have cameras and other security devices but they’re all hardwired, no wireless this or wireless that, nothing to connect to the internet. There is one box in my house that only my wife and I know where it’s at. All the wires to all the cameras and power wires are all ran through the wall so you cannot track them. Technology is great but unfortunately has a lot of exploits. I take my home security and defense very seriously. so no wireless or anything on the internet.
Agreed. I own Ring products, but
- the passwords have been changed
- I’m also an IT guy (DoD) and I’ve got my Ring products sandboxed in their own VLAN (I use Ubiquiti @ home) so they ONLY thing they can talk to is their servers.
Granted, this doesn’t mean it can’t happen, but it sure as hell makes it a lot tougher for them to be accessed by anyone other than me.