RING RING, who’s home?
In the past year, smart home technology has really changed the way we live. So many devices and apps aide in our daily activities, making life easier so we can focus on our jobs, family and friends. Just the other day I watched a news story about the RING doorbell security system. There are many videos out there about the things that are captured on these front door cameras, but this one in particular caught my attention. If you haven’t seen any of these videos, they are just plain creepy. Many cases have been solved by these videos, which of course is a good thing.
So this got me thinking- what if the reverse happened? What if intruders, or cybercriminals, could overtake your security cameras?
This video shares a story about a family that was watched over the internet for the world to see, without their knowledge. Simply through their home security system cameras. Not so secure, I’d say.
I was in Denver speaking at a conference when I got an email asking me if I would be willing to go on the news to talk about these events. When I was in the FBI I was very limited by what I could say, and it was always very nerve wracking. Today, I actually get to talk about these things. In return, I get to help a wider audience by teaching them how to stay safe in this digitally-connected world.
I got back to my hotel, collected my thoughts, and set up my Iphone to do the interview over Skype. The Ring Doorbell is what is known as an Internet of Things (IOT) device. IOT devices consist of security cameras, HVAC systems, alarms, lights, appliances and many other gadgets.
If you have an App on your phone that allows you remote control of any device, it’s an IOT device.
Do you have any IOT devices in your home?
Just like with any other account, we have to create a username and password. In a majority of these apps, the username is almost always an email address. Everyday we read about another data breach where cybercriminals steal usernames and passwords of an application. The companies always tell us to change the password of the application; however, a majority of the population is using the same password for multiple platforms. These password lists are available on the darkweb and in many cases you can find them on the regular internet.
Are you using the same password for multiple accounts?
If you are using any IOT devices (which I guarantee you are), you need to make sure you are setting up the extra layer of security called two-factor authentication (2FA) which is something more than just a password. I always encourage users to set up 2FA on all of their mission critical accounts. You may not think of your Alexa, or your RING doorbell as a ‘mission-critical account’ but they are.
All IOTs are mission critical.
Just think what could happen if any intruder shut off your lights, or turned off the heat, or (worse) disabled your alarm system before breaking into your house.
Here is a list of IOT devices that support 2FA. If your device doesn’t support 2FA, consider getting a different one.
As I await my interview with the reporter on my phone, my thoughts were racing with all of this information. The reporter starts off with saying that RING is taking no responsibility for hackers gaining access to users’ information. While I’m not in the business of defending technology companies, I did explain to him that in all probability RING was not hacked. More than likely, the end user’s name and password was stolen by the bad guys and this caused the issue. I always tread lightly because I never want to appear to blame the victim. He then asked me what the solution would be, for all those people who want to throw out their IOT devices. There’s no reason to start a technology-mutiny. All we must do is keep these accounts safe, just like any other account we use daily.
If we treat these devices as the pertinent, highly sensitive, mission-critical accounts that they are, I doubt we’d have this problem.
As I say in all of my talks, almost 90% of cybercrime activity could have been prevented. It only takes awareness and education of the possible threats to mitigate, or down-right extinguish, the problem.
Think again about how many devices you have in your home. Are you protecting yourself and your loved ones? Take your cybersecurity into your own hands and don’t be the next victim!