In a recent blog post, we introduced the Ring video doorbell. This is a home security solution that lets you see what’s going on outside and inside your property via an app and a video feed through the device itself. Should you consider this option for your own home, you may have questions about how hack-proof Ring is. Could someone hack it?
Yes, the Ring video doorbell can be hacked, and it has happened. Sometime in 2019, the company suffered a bad case of credential stuffing, a type of hacking. This may have affected thousands of Ring users.
In this article, we’ll provide a deep dive into how Ring was hacked in 2019 and what the implications of this are. We’ll also discuss how to tell if your Ring is hacked and share some methods to ensure that your Ring video doorbell is HACK-PROOF. Keep reading!
How Has the Ring Video Doorbell Been Hacked?
In December 2019, Consumer Reports published an article about a hacking incident affecting Ring video doorbell users. While according to representatives at Ring, what transpired wasn’t an “unauthorized intrusion or compromise of Ring’s system or network,” it’d still be considered hacking.
The type of hack that occurred is known as credential stuffing. With this cyberattack, a hacker harvests breached information and attempt to apply it elsewhere. For instance, if another company besides Ring had been hacked prior, usernames and passwords would be illegally obtained. The credential stuffers would then take these usernames and passwords and try to get into Ring accounts with them.
It may sound like an unsuccessful venture, but it works more often than you might think. Lots of people don’t bother to change their usernames or their passwords from one account to another. Therefore, if a hacker gets into one, they could very well theoretically get into another and more still.
The Ring hack was quite substantial, as the company reached out to about 3,000 users and requested they update their passwords. Also, for the first time, Ring asked its customers to implement two-factor authentication.
If you’re not familiar with this, two-factor authentication is a means of further protecting your sensitive login information. Now, instead of providing just a password, you might input a code the company sends you through email or text. It proves it’s really you using the service.
Ring’s staff clearly recognized the oversight in failing to mandate two-factor authentication prior to the hack. After all, should a hacker get into your Ring video doorbell, they could glean a lot of personal information about you. They’d know your time zone, your address, and your phone number. Even worse, they could potentially be able to tap into your Ring video feeds through the app, controlling which footage is kept and which is removed. They could also do anything they wanted with said footage, such as post it online, destroying someone’s sense of privacy. These hackers can even talk to you through Ring, which is horrifying.
How Do You Know If Your Ring Video Doorbell Is Hacked?
If you were involved in the latest breach, then Ring should have personally contacted you, likely via email. In their message would be the request to change your password and turn on two-factor authentication.
Even if you were safe from that hacking, that doesn’t mean there won’t be others. In fact, savvy hackers can break into the Ring video doorbell on a much smaller scale anytime. Take, for instance, the story of a man in Miami whose Ring was hacked by his ex-boyfriend as reported in Gizmodo in 2018. This man updated his password (more than once) and yet still was stalked in his own home.
While the exploit that allowed this to happen was fixed sometime later in 2018, it’s still a chilling example of what can take place when unscrupulous characters get into your Ring account. So too is this story from Popular Mechanics about an older man accessing the feed of a young girl’s bedroom through Ring and saying creepy things to her. That article was published in December 2019 as well, so it may have been part of the latest breach.
If you suspect you may be a victim of Ring hacking, how would you know? There are a few ways the video doorbell tells you, so keep an eye out for the following:
- The light on your Ring turns blue and begins blinking
- The security camera may get a data flow you don’t recognize
- Your camera rotates uncontrollably
- The camera may also make noise when it didn’t used to
If you set up your Ring to record video footage, then it’s possible you can catch hackers that way. That was the case with the family who got hacked by the creepy man. Of course, you can’t tell who someone is by their voice alone unless you happen to recognize their voice, but having video footage at the very least proves something unsavory is going on. Whether the other party could be identified and penalized remains to be seen.
How to Prevent Hackers from Getting into Your Ring Video Doorbell
In today’s technologically connected age, it’s normal to worry about being hacked. Usually, this worry is centered around our smartphones or laptops, but now we have the Ring video doorbell to add to that list of hackable devices as well.
You don’t have to let hackers win. By making smart decisions and cleaning up behavior that could invite hackers in, you can keep your Ring video doorbell safe. Here’s how.
Keep Your Passwords to Yourself
You can add extra users to your Ring account, but that doesn’t mean they all have to know your password. Instead, see if you can set up the rest of your family as shared users. The fewer people who are aware of your password, the harder it is for it to potentially get into the wrong hands.
Create a Password That’s Hard to Hack
Is your password the name of a beloved pet or maybe your hometown? You could even use your mother’s name or the street on which you grew up. You probably have some numbers in front of or after the word, right? They may be something like 1-2-3 or even 4-5-6.
Any predictable patterns in your password are exploitable. That includes ascending or descending numbers and well-known names or words. You may have chosen a somewhat easy password for your own benefit, mostly so you can remember it. After all, it’s always a pain to have to reset your password if you didn’t want to.
The problem with easy passwords is that if they’re simple for you to remember, then they’re simple for someone else to figure out. We recommend using a password generator service such as LastPass to have a random password generated for you. You can determine how many characters you want the password to be, whether it uses all characters, how easy it is to say and read, and whether it has symbols, numbers, lowercase, and uppercase letters.
Each password LastPass generates is unique, so you’ll never get the same one twice. Yes, if you play around with a lot of numbers and symbols, you’re going to get a password that’s impossible to remember. It also becomes a lot harder to hack.
We suggest making a note of your password somewhere so you can always keep track of it, even if it is more complex.
Use a Unique Password
Do you use the same password for your email as you do for your bank account, your social media, and your Ring? If so, you’re like most people, who prefer convenience.
The problem with repeating passwords like this is that you’re the perfect target for hackers. Enough people reuse passwords that credential stuffing has become a thing, but you can break the cycle.
Change your Ring password so it’s not the same as all your other passwords. When you have time, why not go back and change those other repeat passwords as well? You’ll be glad you did.
Never Skip Two-Factor Authentication
Two-factor authentication exists for your security. If you have the option to do it when signing up for a new account, please, take advantage of it. That includes more than just Ring, but any new service you join. It makes your account that much more secure, and who doesn’t want that?
What Should You Do if Your Ring Video Doorbell Is Hacked?
You’re fairly certain your Ring video doorbell has been hacked. How do you handle such a situation?
Before anything else, you want to change your password. This will hopefully keep the hacker from getting back into your Ring account. You may also want to turn off your Ring so it’s no longer projecting a feed onto your property, and especially into your house. This gives the hacker nothing to see. Remember though, you have to update your password first, or else the hacker will get right back in and turn the feed on again.
Next, we recommend you get in touch with a Ring customer service representative and perhaps even Amazon, which owns Ring. Tell them you’ve been hacked and ask what they recommend. They might not suggest anything beyond changing your password and activating two-factor authentication, especially if this is a singular incident and not a larger breach. Still, follow their instructions if you haven’t already instituted those measures yourself.
You may never find who was hacking you, but what’s most important is stopping the situation in its tracks before things get potentially dangerous.
Conclusion
Ring is a video doorbell that’s proven to be hackable. In December 2019, Ring was the victim of credential stuffing. This is where hackers take information obtained from a previous breach, like usernames and passwords, and use them to log into Ring.
To prevent yourself from being involved in the next Ring hack, don’t share your password with many people. Also, reset your password to a more complicated one that’s not so easy to guess, and make sure this password is unique. Further, when given the opportunity, always use two-factor authentication. Best of luck and stay safe!