Video showing a hacker talking to a young girl in her bedroom via her family’s Ring camera has been shared on social media amid warnings people need to secure the devices better.
The hacker tells the young girl: “It’s Santa. It’s your best friend.”
Technology website Motherboard reported online forums used by hackers were offering software making it easier to break into such devices.
Ring owner Amazon said the incident was not related to a security breach.
Password stuffing
“Customer trust is important to us and we take the security of our devices seriously. While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security.
“Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.
As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords. ”
Two-factor authentication involves using a strong password and providing a mobile phone number that will then receive a six-digit verification code.
The camera accessed by the hacker was in the bedroom of three young girls, in a house in Tennessee.
In the video shared online, the hacker is heard playing the song Tiptoe through the Tulips and when a young girl asks: “Who’s there?” the hacker replies: “It’s Santa. It’s your best friend.”
Her parents told WMC Action News 5 they had recently bought the device and had not set up two-factor authentication.
Like all smart devices connected to the internet, it would be an easy target for hackers if not properly secured, security expert Ken Munro said.
“This is a stark reminder that connected devices can be compromised if users don’t take basic precautions,” he said.
“Ring owners need to be certain that they haven’t used the same password for their Ring account as for other accounts.
“Hackers are simply creating tools to re-use passwords stolen in other data breaches, also known as ‘password stuffing’.
“It would also be wise for all Ring owners to check they have implemented two-factor authentication, as this makes the password stuffing attack much harder.”
US network NBC-2 reported this week hackers had targeted a Florida family in a similar way, this time shouting racial abuse through the device.
The home security camera is just one of several devices offered by Ring.
Easy target
Its most popular product is a smart doorbell that allows users to see who is coming to their front door via an app.
The device is intended to offer better security, although some police forces in the UK are reporting the gadgets themselves have become an easy target for thieves.
In October, the Yorkshire Post reported officers had seen a rise in such thefts in some areas of the county.
Although such devices are useless once stolen, because they are registered to the owner, the batteries can be sold on online marketplaces.