Ring Cameras —are they really being hacked?

Recently, there have been multiple articles written about a now-viral story of a Tennessee family’s Ring camera being hacked. The hack allowed the attacker to access the home Ring camera feed, and then watch and converse with the family’s children. While this is definitely concerning, these stories have been hyped in a way that is misleading and we’d like to provide clear advice despite the chaos of viral media.

The real culprit is poor security hygiene

Let’s start with the fact that hackers didn’t actually break into Ring security cameras. The camera itself was not hacked. The account associated with the camera was hacked, allowing the attacker to have legitimate access to the camera’s feed with stolen account access. The better headline should read, “Hackers broke into a Ring user’s account.”

This has nothing to do with Ring’s security and everything to do with the user’s poor cyber hygiene. When a person’s account gets hacked, the fault is in the individual’s account security. Had the Ring camera itself been hacked, the company would be responsible. More than anything, the story of the hacked Ring account is an expensive lesson in long, unique passwords.

How hackers hijacked the account

In this and every other case in where a Ring’s camera feed has been hijacked, the users have suffered from a combination of using a poor or re-used password and–even worse–did not have two-factor authentication enabled.

Because this couple reused the same password across multiple accounts, attackers were able to try their password against multiple accounts using readily available software that automates the process. Once their software successfully logs into an account, the hacker now knows which account they can hijack.

The power of multi-factor authentication

If the couple had two-factor or multi-factor authentication (MFA) enabled, an attacker would not have been able to get into the Ring account and access the camera feed, even with a known password. If all else fails, MFA will save the day. We’ve even got a list of vendors that support two-factor authentication.

What you can do to prevent creepy account hacks

At Rubica we remind our families and customers that it’s is up to us to secure the things within our control. In the case of your online accounts (like your Ring doorbell) you should have a unique password for each account. We recommend password managers like LastPass or Dashlane and we can’t say enough that enabling 2FA (or MFA) is one of the most important things you can do to keep your online accounts safe. If your home gets robbed because you left the door unlocked, you can’t blame the home builder.

At Rubica, we emphasize the idea that everyone should take charge of their security. It’s such a central security topic for our customers that we put together our best advice on MFA to help you stay safer online.