Multiple Internet of Things (IoT) devices have been embroiled in privacy and information security scandals recently, and one frequent guest at this party is, without a doubt, the Ring smart doorbell. During 2019, incidents related to the security deficiencies in these systems were reported on more than one occasion, and although no significant consequences had followed so far, this is about to change.
A class action lawsuit has been filed in a California court against Amazon, Ring’s parent company, over ongoing hacking incidents related to the use of these devices.
John Baker Orange filed the class action last Thursday. The plaintiffs’ main argument is that low information security standards and limited design in Ring’s products have left thousands of surveillance cameras vulnerable to hackers, which has been widely documented in recent months.
The plaintiff claims that some time ago he bought a Ring camera to install at his home. Orange claims that a few days after the device was installed, a hacker infiltrated it, accessed the camera’s feed and even interacted with his children, who were playing in the garden. Upon realizing what had happened, the user disconnected the device.
“Ring aims to blame users and their passwords for information security flaws in their products,” Orange says. Among other points, the lawsuit states that Amazon and Ring did not care about establishing relevant security measures for a product designed to operate with an Internet connection, which is a serious omission. On top of that, Ring does not inform users about the need to enable multi-factor authentication as an additional security measure.
After the first reports of these incidents, Ring said that the likely cause was the use of the same password on multiple online platforms, which makes a user more prone to hacking incidents. However, a few months later it was revealed that a database with thousands of Ring users' names, email addresses, passwords and other data had been exposed online.
Another incident involving the hacking of a Ring camera was reported in Mississippi, USA, where a family claims that a threat actor accessed their system to interact with an 8-year-old girl. Ashley LeMay, the affected mother, claims that days after she installed the camera to keep an eye on her young daughter, she began to hear a man's voice coming from the device: “I’m Santa Claus, don’t you want to be my friend?” the stranger’s voice repeated.
A few weeks ago, information security specialists at the International Institute of Cyber Security (IICS) reported a similar incident, in which the attacker, apparently a teenager, infiltrated a family’s Ring security system in Florida, after which he began to hurl racist slurs at the son of the family, who reported the incident to authorities and the company.