Motherboard found that the Amazon-owned home security hardware company Ring’s offerings lacked basic features to help protect customers from being snooped on by people who gained unauthorized access to their accounts.
Ring sells indoor and outdoor security cameras that you can monitor from anywhere via a cloud-based interface, which means you can see what’s going on inside and around your house in real time, watch archived footage, see the residential address you registered your account with, and even remotely talk to people indoors.
Naturally, you’d expect such a system to be tightly secured. But Motherboard’s investigation found that Ring doesn’t check whether a login from an unknown IP address actually comes from the owner of the account, or display a history of logins so you can figure out if hackers may have popped in for a look. Google services like Gmail, as well as Facebook, offer these at no charge to their users.
What’s even more worrying is that Ring doesn’t appear to have checks in place to prevent multiple login attempts with incorrect credentials. A bunch of failed attempts to log in to an online service should trigger a lockdown and an alert to be sent to an alternative contact address, but Motherboard noted that it was able to try logging in to a Ring account several times without raising any alarms.
This opens up the possibility for hackers to try breaking into your account by using previously compromised credentials from other services. That means that if you use the same password for your Ring account as for an app or site that had been hacked, those credentials could easily be used to access your network of live streaming security cameras.
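The three controls the article says are missing (lockout and alert after repeated failed logins, a check on logins from unknown IP addresses, and a login history) can be sketched as follows. This is an added example, not code from Ring or Motherboard; the threshold, the time window, the class and function names, and the sample events are all assumptions.

```python
from collections import defaultdict

MAX_FAILURES = 5      # assumed threshold; the article names no number
WINDOW_SECONDS = 600  # assumed sliding window for counting failures

class LoginMonitor:
    def __init__(self):
        self.failures = defaultdict(list)  # account -> recent failure timestamps
        self.known_ips = defaultdict(set)  # account -> IPs with a prior good login
        self.history = defaultdict(list)   # account -> login history for the owner
        self.locked = set()
        self.alerts = []                   # stand-in for mail to the alternative contact

    def attempt(self, ts, account, ip, password_ok):
        """Return 'locked', 'denied', 'challenge' or 'ok' for one login attempt."""
        if account in self.locked:
            return self._record(ts, account, ip, "locked")
        if not password_ok:
            recent = [t for t in self.failures[account] if ts - t < WINDOW_SECONDS]
            recent.append(ts)
            self.failures[account] = recent
            if len(recent) >= MAX_FAILURES:
                self.locked.add(account)
                self.alerts.append((account, "locked after repeated failed logins", ip))
            return self._record(ts, account, ip, "denied")
        self.failures[account].clear()
        if self.known_ips[account] and ip not in self.known_ips[account]:
            # Right password, unseen address: ask for a second proof of ownership.
            self.alerts.append((account, "login from unknown IP", ip))
            return self._record(ts, account, ip, "challenge")
        self.known_ips[account].add(ip)  # simplification: first good login enrolls the IP
        return self._record(ts, account, ip, "ok")

    def _record(self, ts, account, ip, outcome):
        self.history[account].append((ts, ip, outcome))
        return outcome

# Constructed sample events: (unix time, account, source IP, password correct?)
SAMPLE = [
    (1000, "alice", "198.51.100.7", True),
    (2000, "alice", "203.0.113.9", True),
    (3000, "bob", "198.51.100.8", True),
    *[(3000 + 10 * i, "bob", "203.0.113.50", False) for i in range(1, 6)],
    (3060, "bob", "203.0.113.50", True),
]

def replay(events):
    monitor = LoginMonitor()
    return monitor, [monitor.attempt(*e) for e in events]
```

In the sample, the sixth attempt against the second account is refused even though its password is correct, because the account was locked after five failures inside the window.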
The full piece is well worth a read to understand how not to run a home security service in 2019; find it over on this page.
Published December 18, 2019 — 07:51 UTC