According to the “SAM Seamless Network” research team report in April 2022, there have been more than 1 billion IoT attacks in 2021, of which almost 900 million of those were IoT-related phishing attacks. With the growth in new IoT device activation every day, it is expected to have over 75 billion of these devices by 2025, and it’s reasonable to assume that the attacks on IoTs would be growing too.
Smart doorbell security cameras have been very popular in recent years giving control over your home front door to remotely answer the door and open it if needed by using Wi-Fi and connecting to mobile devices. This makes it a valuable target for hackers and a vital security concern for us to discuss and address.
In 2019 over 3000 Amazon-owned Ring users’ credentials were published online due to a credential stuffing attack. The hackers took some of the username/password combinations and successfully broke into Ring accounts because some people tend to use a single set of credentials for multiple accounts.
There is more than a single responsible party to blame for this incident. On the one hand, users who chose to use a set of weak, default, and reused credentials, and on the other hand, Ring company for not putting enough security measures and alerts such as notification/verification for accessing by an unfamiliar device or IP address, no saving login history, or supporting end-to-end video encryption, delayed bug fixing and pushing updates.
There are steps to take and minimize the security risks while using Ring devices, such as changing default settings and using stronger unique passwords, using a firewall, VPN, antimalware, applying better Wi-Fi security measures, keeping the device and apps updated, and avoiding sharing the video clips or data with third parties.