Florida family has shared footage of the moment their Ring security system was accessed without permission and used to spew racial slurs last weekend.
The incident occurred on Sunday in Cape Coral, with the culprit forcing a loud alarm to blare throughout the home before verbally taunting two parents, NBC-2 reported. The hacker, who sounds young, makes references to their son despite him not appearing in the frame.
"Is your kid a baboon, like the monkey?" the person can be heard saying, introducing himself as if it was part of a streamed video prank or podcast.
The clip shows the hacker asking the parents to search for a website, which they refuse.
He says "I will leave you and your family alone, or I could do this" before turning on the alarm.
As the batteries are pulled from the device, he can be heard trying—and failing—to read a URL.
One of the victims, Josefine Brown, told NBC-2 the person responsible was potentially looking into the home for longer than just Sunday. "They had been watching us because that's the only way you know I have a son and the only way you know what he looks like," she said
Ring, which is owned by Amazon, did not immediately respond to request for comment. Its range of products connect to a home Wi-Fi connection and a mobile application.
The couple told NBC-2 the surveillance firm told them its security team "identified that the email address and password of one of your external accounts was exposed in a data breach" and noted someone "may have used this method to attempt to gain access to your Ring account."
It wasn't clear if the credentials were linked to the Ring app or home Wi-Fi. There is nothing to suggest that Ring itself was hacked or compromised in any way.
The parents said they were asked to reset their credentials, indicating that the company believes password reuse may have played a role in the reported camera system break-in.
Ring says its customers can add an extra layer of protection by using two-factor authentication. If enabled, users have to provide two separate password codes when logging into their accounts, meaning if one is stolen or hacked the account has a better chance of staying protected.
Matt Walmsley, a director at cybersecurity and artificial intelligence firm Vectra, told Newsweek password integrity "seems to be a significant factor in this disturbing case."
"A compromised account would allow the hacker to remotely use Ring's built-in two-way chat feature and access all Ring devices associated to that account," he said. "It's relatively trivial for hackers to gain sets of breached usernames and passwords and test them out on a vast number of online services in the hope that people have reused the same password in multiple places."
Last month, a researchers from cybersecurity firm Bitdefender revealed they had found a flaw in a Ring product that could let a hacker steal a homeowner's Wi-Fi credentials. A spokesperson told PC Mag at the time an "automatic security update" had been rolled out to resolve the issue.
But it's not the first time a home security system has been exploited.
In January, a Google Nest user living in Illinois complained after his setup was compromised and used to speak to their 7-month-old child and spew racial slurs, including the N-word. Google told CBS at the time user passwords had been "exposed through breaches on other websites."
The scope of hacked passwords in the wild is staggering. HaveIBeenPwned, a system operated by security expert Troy Hunt that lets users check if their information has been stolen in one of the many data breaches in recent years, now shows more than 9 billion hijacked accounts.
A Ring spokesperson told Newsweek: "Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring's security.
"Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often reuse credentials stolen or leaked from one service on other services. As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords."
Ring Camera Hacker Uses Home Security System to Spew Racial Slurs at Family
"A compromised account would allow the hacker to remotely use Ring's built-in two-way chat feature and access all Ring devices associated to that account," one security expert told Newsweek.
www.newsweek.com