New tests show that it’s still possible for people to crack your password and spy on you, if you are using a Ring Camera. That’s following reports this week of Ring cameras being hacked by strangers.
Motherboard – the tech arm of VICE – tested the Ring camera to see if improvements have been made since the flurry of hacking reports emerged earlier this week. The camera was set up in a journalist’s house, then overseas colleagues were invited try and log-in to watch the live feed.
They were able to do this with ease and sent sneaky creep-shots of the journalist to his phone, proving their spying prowess.
Admittedly, the creepers would have to know the log-in credentials to be able to access the camera – but there were no alerts from Ring to highlight that unusual activity was happening on the device, despite the fact that it was being accessed from another country.
When reports first emerged of the cameras being hacked in the US, Ring responded by shifting the blame onto lax password security.
Issuing a statement at the time, the company said: “Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security.
“Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.”
As a precaution, the company advise customers to set-up two factor authentication.
But there are other automatic checks that Ring could create to buff up security, such as checking unknown IPs, pinging notifications when multiple people log-in, or even including captcha tests at the log-in stage.
It’s unclear at this stage if the company has plans to roll any of these things out in the immediate future. For now, the onus is very much on the customer to protect their password.
Related: Ring refutes excess data reports