Ring and Nest security cameras targeted by hacking groups- Comment

Forensics
1

It has been reported that Ring and Nest security cameras are being targeted by hacking group who harass homeowners and broadcast the abuse on podcast – including a chilling ‘I’m Santa Claus’ threat to eight-year-old girl. The string of hacks are being linked back to a podcast that broadcasts the intrusions for laughs. According to a report from Motherboard, a podcast dubbed NulledCast, has been involved in a number of hacks on the Amazon-owned Ring security cameras in which hackers commandeer the device’s microphone to harass victims on the other side.

Commenting on this, Gavin Millard, VP of intelligence at Tenable, said “This week, we’ve seen a number of stories of Ring cameras being compromised. These intrusions aren’t due to vulnerabilities in the firmware but how the devices have been set up. According to a blog post from Ring, attackers are using stolen credentials from previous, unrelated breaches against Ring accounts to see if the ‘keys’ work, often referred to as credential stuffing.

“I personally use Ring for my own home, and one of the reasons I chose their ecosystem was its support of two factor authentication, although this isn’t enabled by default. This means users must select this option for themselves when installing the devices.

 

“At the moment, many IoT device manufacturers consider usability versus security for an end-user’s ‘out of the box’ experience. I’d advocate this must be reversed so we see security policies, such as two factor authentication, enabled by default. Until then, do yourself a favour and take the time to set it up – it’s a simple process that takes 30 seconds and the additional peace of mind is worth it.”  

 

(3)

Share

Article Link: http://digitalforensicsmagazine.com/blogs/?p=2930