SIMILAR ARTICLES:

Turn On Auto-Updates Everywhere You Can

Security News This Week: The US Tracked Journalists Reporting on the Migrant Caravan

Palantir Manual Shows How Law Enforcement Tracks Families

Google Recalls Titan Security Key Over a Bluetooth Flaw

As 5G Rolls Out, Troubling New Security Flaws Emerge

An Alphabet Moonshot Wants to Store the Security Industry's Data

How Safari and iMessage Have Made iPhones Less Secure

Cellebrite Now Says It Can Unlock Any iPhone for Cops

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

In Praise of Ugly and Conspicuous Security Cameras

Microsoft Email Hack Shows the Lurking Danger of Customer Support

Security News This Week: A Teen Waltzed Into Mar-a-Lago

How To Delete Your Facebook, Twitter, Instagram, and Snapchat

Hackers Found a Freaky New Way to Kill Your Car

'Simjacker' Attack Can Track Phones Just by Sending a Text

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

Trump’s Homeland Security Purge Worries Cybersecurity Experts

WeWork's Wi-Fi Is Woefully Insecure

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

Hackers Made an App That Kills to Prove a Point

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

There's been a lot of creepy and concerning news about how Amazon's Ring smart doorbells are bringing surveillance to suburbia and sparking data-sharing relationships between Amazon and law enforcement. News reports this week are raising a different issue: hackers are breaking into users' Ring accounts, which can also be connected to indoor Ring cameras, to take over the devices and get up to all sorts of invasive shenanigans.In Tennessee, a local news channel reported on Tuesday about a case where hackers hijacked an indoor Ring camera one family had placed in a bedroom and used it to talk to three young girls. And as Motherboard first showed, there are tools available online for breaking into Ring accounts by strategically guessing the login credentials . When account thieves record enough juicy audio from people's Ring feeds, there's even a podcast where they can broadcast it.

READ ALSO:

Bluetooth's Complexity Has Become a Security Risk

Though it sounds shocking, the situation with Ring is far from unique. At the beginning of the year, for example, hackers launched similar attacks against Nest cams, complete with incidents where hackers were creepily talking to children through the devices. The manufacturers behind these devices—Amazon and Google, respectively—are both billion-dollar tech giants with massive development resources. The fact that their cameras regularly feature in these kinds of cases reflect a broader industry failure to produce trustworthy IoT devices that are easy for consumers to set up in a secure and private way.

READ ALSO:

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.

"We have ways of preventing attacks like this," says Ang Cui, founder of the IoT analysis and security firm Red Balloon. "We've been thinking about securely allowing people to access computers remotely for decades. So if we insist on making our doorbells a computer that connects to the internet, then we have to put the same level of care into securing those computers."

Turn It On

Basic security measures like good password hygiene and enabling two-factor authentication are enough to stop most attacks. Right now it’s the user who ultimately has to take those steps. But it’s also true that the companies making and selling these devices could do much more to educate people about these methods and encourage them to do it.

READ ALSO:

DejaBlue: New BlueKeep-Style Bugs Mean You Need to Update Windows Now

"IoT vendors emphasize, often rightly, that their products improve quality of life, but they often neglect to disclose the risk of these devices to consumers," says Jake Williams, founder of the security firm Rendition Infosec. "The onus of understanding how an IoT device might impact security should not be purely on the consumer. The vendor shares this responsibility."When it comes to something like a Ring doorbell or camera, the devices can be genuinely useful, but they also generate sensitive data that would be valuable to many parties—from law enforcement to criminals or even nation state hackers. Which makes security that much more important. And while Ring does provide instructions for enabling two-factor authentication, Amazon doesn't require it or turn it on by default. If you're a Ring user, you definitely should if you haven't already.

READ ALSO:

Security News This Week: Julian Assange Faces Extradition to the US

To enable two-factor authentication on your account, open the Ring app, tap the three-lined icon in the upper left corner of the screen and go to Account > Enhance Security > Two-factor Authorization > Turn on Two-factor. Then enter your password and the mobile number where you'll receive the SMS messages with one-time login codes. Then enter the first test code and hit Continue. Keep in mind that you need to add two-factor individually to every "Shared" and "Guest User" account that branches off a main account.

Not One IoTa

Amazon did not return a request for comment from WIRED about the rash of recent Ring account comprises. It said in a statement to other outlets that, "While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security."

READ ALSO:

Why Republicans Storming a SCIF Puts National Security at Risk

The article source: www.wired.com
Tags: security, account, ring, user, authentication, news, amazon, devices, device, iot, way,