A New York Times article published this week brought attention to the fact that a number of Users of the popular Ring Home Camera System (powered by Amazon) have been shocked to discover that their online account used to monitor and interact with their Internet Connected Cameras has been compromised – a fact they discovered when strangers began watching them and verbally communicating with them through their Cameras!
The compromised accounts from all reports are not the direct result of an identifiable data breach, but rather appear to be the latest example of individuals reusing passwords across multiple websites – an ever growing problem with the large number of passwords we all now need to keep track of. Thankfully there are a range of tools available to help with this issue, from Password Managers like KeePass or 1Password Standalone, to Multifactor Authentication like SMS or Google Authenticator.
Not only should this article prompt all of us to perform a review/reset of our current passwords in use to ensure that we aren’t reusing them across multiple sites, but thought should also be given to something we are all too keen to exchange for convenience these days – our privacy. Too often we still blindly click ‘Accept’ on Apps asking for permission to access certain features when installing them on our phone. Now it seems we are also blindly accepting of the fact that we’re inviting potential bad actors and malicious individuals into our last true safeguard – our family home.
I am not for a second suggesting that security systems aren’t important for your home in this day and age - I myself have a number of low-cost, easy to install IP Cameras around my home for both security and parental supervisory purposes. What I asked myself before purchasing them however was ‘Do I really need these Cameras to be accessible over the Internet?’ ‘Do I feel comfortable with the fact that if I can view the Camera feeds on the Internet, there’s a good chance that others could as well?’ Naturally the answer to both of those questions was ‘NO’ – I did not want images of my bedrooms transmitted over the World Wide Web. That’s not to say though that we can’t leverage other features of the Cameras for Security purposes – such as local network recording to a secured hard drive for later retrieval/evidence, or email notifications when motion is detected whilst we are out of the house.
As technology continues to evolve and big corporations find may ways of leveraging it (and us out of our hard earned cash in the process) with an ever increasing number of new and exciting ‘Things’ connected to the Internet, we need to be even more cautious to ensure that those devices are storing, sharing, or transmitting, only the information that we are comfortable with them having access to.
If you are concerned that your Users may be reusing their passwords & putting your business systems & devices at risk, contact the Innovations Team for a comprehensive Security Risk Assessment.