Recently one of my neighbors wrote:
We’re all familiar with the rampant garage break-ins in our hood, but I felt compelled to post because there was an aspect of our break-in that I haven’t seen posted.
We got Ring cameras for the very purpose of deterring a break-in like these and/or getting footage if there was a perpetrator. Our garage was broken into last week and my bike stolen. It was done via the same method as all the others but what’s mind-blowing is that they hacked into our Ring footage and made sure it captured none of it.
I know the exact timing of it because I heard the noises but through that whole time period the Ring footage shows the garage door closed and nobody around. Crazy.
Here’s my response:
I’d suggest you visit this site and plug in all the emails you use to sign into various services: https://haveibeenpwned.com/
This is a legit site run by a very well known security researcher named Troy Hunt: https://www.troyhunt.com/
It tracks whether your credentials (email + password combination) have been leaked onto the dark web. If so, I could see a sophisticated burglar finding out your name and home address, then cross-referencing that against a password dump to make an educated guess about your Ring password. There are literally 10 billion credentials out there.
For example, if your login to LinkedIn.com (which was hacked) is firstname.lastname@example.org / asdf0878970&^^asdf — the burglar uses that to try to log into ring.com
This is called a credential stuffing attack. More here: https://www.imperva.com/learn/application-security/credential-stuffing/
You should use a DIFFERENT strong password for every site. That way when (not if) a site leaks their credentials, hackers can’t use that to try to log into different websites. 1Password is a good password manager for this. Also, write the passwords somewhere for when (not if) 1Password goes down. A PITA to be sure but necessary.
Also, use 2-factor authentication (2FA), which is available on Rings.
Looking at this article: https://www.theguardian.com/technology/2020/dec/23/amazon-ring-camera-hack-lawsuit-threats … Amazon (owner of Ring) says that customers need to use strong passwords and 2FA. Ring was hacked in 2019, so if you haven’t changed your password since then, you should.
Last point: connect your Ring to your WiFi guest network. Not your main WiFi network that you connect your laptop and phones to. That way, the Ring camera is isolated from your other devices with personal, confidential information and is less likely to be used to pull data from them.
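To check the "different password for every site" advice against your own accounts, here is an added example (not part of the original post) that audits a password-manager export for reused email + password pairs and lists which other logins a leak at one site would open up. The CSV column names and the sample entries are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
linkedin.com,firstname.lastname@example.org,Summer2019!bike
ring.com,firstname.lastname@example.org,Summer2019!bike
bank.example,firstname.lastname@example.org,x9#Lq2v!mT7pRw4z
forum.example,other.address@example.org,Summer2019!bike
"""

def _fingerprint(username, password):
    # Group by digest so plaintext passwords are not kept as dictionary keys.
    key = f"{username.strip().lower()}\0{password}".encode()
    return hashlib.sha256(key).hexdigest()

def load_entries(csv_text):
    """Parse the export into a list of {site, username, password} rows."""
    return list(csv.DictReader(io.StringIO(csv_text)))

def reused_credentials(entries):
    """Return lists of sites that share one username + password pair."""
    groups = defaultdict(list)
    for e in entries:
        groups[_fingerprint(e["username"], e["password"])].append(e["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def exposed_by_breach(entries, breached_sites):
    """Sites that a leak at any of breached_sites would unlock via reuse."""
    breached = {s.lower() for s in breached_sites}
    exposed = set()
    for sites in reused_credentials(entries):
        if breached & set(sites):
            exposed.update(set(sites) - breached)
    return sorted(exposed)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    print("Reused pairs:", reused_credentials(entries))
    print("Exposed if linkedin.com leaks:",
          exposed_by_breach(entries, ["linkedin.com"]))
```

Any site the audit reports as exposed should get a new unique password and 2FA first. The forum entry is not flagged because it uses a different email address, though reusing the password itself there is still worth fixing.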