Amazon's internet-enabled home security cameras, Amazon Ring, are being actively targeted by hackers and DynaRisk’s intelligence team have discovered that user login credentials are being shared on the dark web. We have recovered 4,172 account details so far which include usernames and passwords, as well as where the camera is positioned in the user's home.
Home security devices have been in the headlines numerous times over recent years. From a Nest camera takeover which saw a family threatened with a North Korean intercontinental ballistic missile, to recent headlines of a Ring device being intercepted in a child’s bedroom, it seems that regardless of brand, internet connected security devices are a prime target for bored hackers.
In the files we recovered, we were able to see not only the login credentials (username and password) but where the camera was positioned in the user’s home and the location. This type of information means a hacker can essentially login and spy on you; for those using the cameras internally, this is particularly concerning. In some of the examples below it’s possible to determine that one of the users has a camera installed in their children’s bedroom - in another example, their grandma’s house.
With access to this type of information, criminals could commit not only device takeover but a number of serious crimes:
- The distribution of indecent images without a person’s knowledge or consent
- A demand for ransom in return for images taken
- Physical crimes such as burglary - a hacker will be able to identify when a user’s home is vacant
- Stalking and spying
The accounts are being shared on a number of forums, including some found in Russia as per the example below.
The most affected cities in Europe and the USA
Top most affected cities in the US:
1. New York
3. Los Angeles
Top most affected cities in Europe:
How to protect your home security devices
All internet devices are at risk if they’re not adequately protected. Follow these steps to help protect your devices, including any internet connected home security cameras:
- Turn on two-factor authentication in your device settings.
- Use unique, strong passwords for all your accounts and devices.
- Ensure that external security cameras are securely attached to prevent physical tampering.
- Do not share security camera footage on any social networks.
- Regularly delete your security footage.
- Change your passwords regularly.
- Practice good security hygiene.
- Make sure your device software is always up-to-date.
We also recommend investing in cyber security tools to help protect your home against account and device takeover. Antivirus should be used across all households to protect against viruses and malware, and tools like DynaRisk can help to protect other aspects of cyber security that put you at risk, such as alerting you if any of your account details are breached online and helping you to clean up your cyber hygiene.
With a DynaRisk plan you’ll get a Cyber Security Score to help you understand exactly how safe you are online. This is based on an assessment of your digital behaviours, device vulnerability scans and any breaches your personal information may have been shared in. We then combine all this information to provide a score out of 999, along with a tailored action plan to help improve your score and online safety.
Do you know what your score is? Try one of our free trials to find out.