ABC News has a story out today about how owners of Amazon’s Ring security and doorbell cameras have been subjected to verbal abuse and ransom demands by hackers. One family said a voice taunted their 8-year-old daughter though the camera in her room, while another claimed that a voice screamed at them to wake up before demanding payment in bitcoin.
If any of these horror stories sound familiar, it’s because similar ones about Google’s Nest cameras have been making the rounds over the past year. In both cases, the cause appears to be the same: Hackers are targeting people who reuse the same names and passwords on lots of different apps and websites. When one of those sites suffers a security breach, hackers can use the stolen names and passwords to try breaking into other accounts elsewhere.
In these cases, it’s tempting to blame the users for not taking security seriously enough, but some blame also lies with Ring and Nest for not requiring stricter security measures. Neither company wants to add too much friction to the signup process, even if the alternative is more scary hacking stories coming out.
Anyway, if you want to make sure your own security camera doesn’t get hacked, there are a couple steps you can take:
- Use the website Have I Been Pwned? You can use this site to check whether your email address and password have been exposed in a security breach. If so, it’s time to change that password. Here’s how to create a new one without driving yourself crazy.
- Consider setting up two-factor authentication: This requires you to enter a code from your phone whenever you log into an app on a new device. (Getting the code via text message is better than nothing, but generating codes in an authenticator app is best.) Ring’s setup instructions are here, and Nest’s setup instructions are here.