A lot has been said about the Ring hack over the last week. Some of it is partly true, but the problem is that there are a lot of half-truths going around, and uneducated decisions being made, about the future of Ring products and people’s homes.
Out of curiosity, I decided to take a look at what has actually happened and hopefully help people make better decisions, without going into the granular details of the security systems involved.
What do we know about the “hack”?
From the footage that has appeared on a variety of websites, we know that there are a number of people’s cameras that have been accessed without the consent of the owners. Calling it a “hack” is a long bow to draw on that information alone though.
What I’ve found is that there is acknowledgement from Ring that cameras are being inappropriately accessed, but not that there has been any malicious attack on their systems to achieve this.
Clearly, having cameras you’ve installed for security and peace of mind compromised (regardless of the root cause) would not be pleasant. Without a doubt, it would be fair to feel violated and to want answers.
What else is at play?
I’m not going to waste a heap of time doing a wrap up of something I can’t improve on…
Phil Nickinson, aka Modern Dad, did a brilliant wrap-up which covers some of the issues at play, including the use of strong, unique passwords.
If that’s too long to watch, the upshot is: don’t use password123 or your pet’s name, date of birth etc., and do not re-use passwords on different websites – these practices are asking for trouble!
What if someone is already in my Ring account?
This is an important note: simply enabling two-factor authentication (2FA) on your Ring account will NOT disconnect people who have already connected to your account. You need to enable 2FA and then change your password. This will disconnect all currently connected devices from your account and force them to log in again and go through the 2FA process.
What else can I do to protect myself?
The first step with any login you set up is to use good password practices. Regardless of what it is you’re logging into, you should be using strong and unique passwords for all sites. You may think that the login you’re creating doesn’t matter, but the same username/email and password combination may also be the one you’ve used on another site that is critical to you. Think what it would cost you if you lost access to your bank accounts, if your email was compromised or you lost your mobile phone number.
The second step is, wherever possible, to use two-factor authentication. For those not familiar with it: when you log in with a username and password, a second authentication step is triggered. Many sites will send you an SMS code; others will require you to use a 2FA app like Authy for these codes, or hardware keys such as the YubiKey.
Use a password manager, seriously – just do it! The annual cost is relatively low when you compare it to the cost of losing access to accounts. Particularly at the moment, a number of them are on special leading into Christmas so keep your eyes out for pricing on the option you’re keen on.
Finally: Don’t become complacent. Even if you’re ticking all of the boxes above, you should still consider changing your passwords on a semi-regular basis. Taking a short step backwards, a good password manager will remind you to do this to ensure your accounts remain secure.
Look after yourself online, keep your accounts secure and minimise your risks by working to best practice for passwords.