The terrifying reality of poor cyber security has been brought home to one family in Mississippi when the security camera in their children’s room was hacked.
The camera, made by ‘Internet of Things’ (IoT) company Ring had only been installed in the bedroom for four days before it was compromised.
Chillingly, the hacker didn’t just watch the family’s 8-year-old daughter in her room – he actually talked to her.
‘I’m Santa Clause, don’t you want to be my best friend?’ the unknown cybercriminal taunted, causing the young girl to scream for her mum.
The video footage is available to view through the Ring software and Ashley LeMay, the girl’s mother, told local media of her horror after watching it back.
‘I watched the video and I mean my heart just like… I didn’t even get to the end where she is screaming ‘mommy, mommy’ before I like ran inside,’ she told WMC5 in the US.
‘They could have watched them sleeping, changing. I mean they could have seen all kinds of things,’ she said.
‘Honestly, my gut it makes me feel like it’s either somebody who knows us or somebody who is very close by.’
Ring (which made its name with a popular line of video camera-enabled doorbells and is owned by retail giant Amazon) provided a statement on the event, in which it blamed the hack on a security breach.
‘Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security,’ the company said.
‘Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.
‘As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords.’
According to tech site Motherboard, hackers have actually created bespoke software for breaking into Ring devices. The site suggested that these software tools are openly discussed on internet forums.
Dr Kiri Addison, the head of data science overwatch at email management company Mimecast, explained that IoT devices often lack ‘even the most basic security measures.’
‘This story is concerning as it highlights vulnerability, which can be compromised to allow third parties to speak to and have a visibility over your children via insecure video messaging,’ she said.
‘I would urge parents to take an active interest in the range of technology, which their children are using, as even toys can present an unwanted risk to the safety of your children.’
She went on to say that regulations are lagging behind where the technology is at the moment.
‘Much like the early insufficient drone use standards originally introduced in the UK, this is an area, which demands attention given the potential widespread vulnerabilities of such devices and the malicious uses they can be put to as the Mirai botnet illustrates,’ she said.
‘Children are uniquely vulnerable to influence or coercion via technology and this is something every parent should be conscious of as the sophistication of these often seemingly innocuous connectable devices increases.’
Source: Read Full Article