What a Recent Ring Camera Hack Can Teach Us About Cybersecurity
An eight-year-old girl plays in her bedroom when suddenly a disembodied voice calls out for her attention. It’s coming from the Ring Camera that was installed in her room by her mother, intended to keep an eye on the girl while she works overnight shifts at the hospital. But the voice doesn’t belong to either of her parents.
It belongs to an unknown man who hacked the camera.
“I’m your best friend,” he cheerily tells the girl. “I’m Santa Claus!”
This is not the first time an incident like this has occurred. It will not be the last. As reported by Yahoo, there have been multiple hacks targeting Ring cameras over the past year.
For anyone who’s been paying attention to the cybersecurity space, this comes as no surprise. Experts have long cautioned that the Internet of Things (IoT), a technological revolution helmed by businesses for which cybersecurity is only a secondary consideration, will usher in a new age of insecurity.
Surprise, it has.
In the wake of the Ring hacks, Vice decided to test the camera company’s security, to see if it really took the privacy of its customers as seriously as it claimed. As you may have surmised, the results were not comforting. The publication described them, in no uncertain terms, as “awful.”
“Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in—entirely common security measures across a wealth of online services,” writes Vice’s Joseph Cox. “Ring is advertised as a home security device which is supposed to make its customers safer by monitoring their homes. But its lack of certain security features shows how the device can work against its owners, and open them up to other risks.”
We’d caution against being too hard on Ring. Certainly, it’s both concerning and infuriating that they seem to be so lax with user data. But at the same time, they are the product of their environment where time-to-market is the only metric that matters and security is a distant consideration.
It falls to all of us to do our parts. To educate our employees not just on their role in protecting corporate assets, but in the how and why of keeping their own data safe. Because the fact remains that so long as customers don’t prioritize the security of their data, companies won’t, either.
That’s the real lesson here. There exists a legion of devices with security that’s just as abysmal as Ring. Addressing this nightmare requires a concerted effort not just by regulators, but by security professionals and employees at every level of every organization.
It’s something we need to face together. Because if we don’t, we might as well just throw in the towel now.