Home / Trends / Ring's defense for hacks is as poor as its security, the lawyer claims

Ring's defense for hacks is as poor as its security, the lawyer claims

  Image of a doorbell
Image: Chris DeGraw

After a series of ring camera hacks, Amazon's security company claimed that hackers who were logged in had tampered with their customers' cameras or accounts Credentials from hacking forums or the dark internet don't come from the corporate database.

Lawyers representing some of the victims of a class ring lawsuit told Digital Trends that their clients were using unique passwords that could not be hacked anywhere else.

Hassan Zavareei, partner at Tycko & Zavareei LLP, a law firm specializing in class action and privacy practices, said the defense that credentials come from other unrelated data breaches is "unfounded and false".

The class action lawsuit that was filed on January 3 with the Central District of California District Court describes several graphic incidents in which the plaintiffs' ring cameras were hacked. This includes an incident in which a young girl was racist Was exposed to insults that the hacker had shouted at, and another case in which a hacker accessed the doorbell camera of customers Todd Craig and Tania Amador and threatened them with "termination" unless they paid him 50 Bitcoin (approximately $ 436,000).

"We know that [Ring’s defense] is incorrect because our customers Todd Craig and Tania Amador each created a unique password for their ring accounts that they did not use for other accounts," said Zavareei. "Mr. Craig created a unique 1

6-character password and Ms. Amador created a unique 14-character password. If Ring's excuses were true, the hackers would not have been able to access their Ring accounts because of their combinations of username and password have not been associated with other online accounts. "

Ring's Success Story

The class action lawsuit claims negligence. Public disclosure of private facts and intrusion, among other things. Claimants' lawyers expect that a third party will be involved

Ring previously assumed little responsibility for the hacks and described them as problems with the passwords of individual users and not with the Ring database.

] "Ring refused to take responsibility for the Taking security of your own home security devices. "

" It is not uncommon for Bad Actors Collect data from other companies' privacy violations and create lists like this so that other bad actors can try to gain access to other services, ”the company said in a statement to ABC News last month when asked about a similar process has been.

In December, a data leak revealed the personal information of more than 3,000 ring users. At that time, Ring Digital Trends announced that there was no evidence of a hack in its systems. In early January, Ring told a group of U.S. Senators that Ring employees had improperly accessed doorbell videos on four different occasions. Due to widespread reports of hacks and unauthorized access to devices, Ring has refused to accept responsibility for the security of its own home security devices to take over and take on its role in compromising the privacy of its customers, ”the lawsuit said.

Ring is not the only home camera company with security issues. Ring competitor Wyze suffered a serious data breach in late 2019 that affected millions of customers. This is partly due to the lack of basic security functions, experts said. Ring also suffered a minor leak, but has denied that its own systems have been compromised.

Ring did not respond to a request to comment on its current security practices.

"Inappropriate Security"

Lawyers Who Are Victims Of Hacker Attacks According to Ring, your own security system is not very secure.

"This differs from the typical data breach case where there is a mass exfiltration of information," said Austin Moore, partner at Stueve Siegel Hanson LLP, who also contested the case. told digital trends. "This tends to lead to insufficient security."

"It's very ironic. They buy [Ring] for security, and in the end they open the door to everyone's homes."

"I don't understand why Ring didn't introduce basic standard security protocols that are known to be prevent unauthorized access. "Moore said.

Moore added that it was "full speculation" of Ring that customers' passwords were stolen from another location, unlike hackers who exploited a fundamental bug in Ring's system.

According to Moore and Zavareei, Ring does not require two-factor authentication and does not lock a user after several wrong password attempts. This means that a hacker can run a simple script that tries out combinations of alphanumeric codes an unlimited number of times until they find the one that allows them to log in, Zavareei said.

"There are so many basic safeguards that need to be added here," said Zavareei. “This is one of the most outrageous examples of a failure to protect privacy. It is very ironic. They are bought [Ring] for security reasons, and in the end they open the door to everyone's house. “

Editor's recommendations

Source link