A Texas couple had their privacy invaded and lives threatened when a hacker took control of their Ring security system and demanded a 50 BTC ransom.
Grand Prairie resident Tania Amador was jolted awake Monday morning by the sound of an intruder alarm, accompanied by a stranger’s voice coming through her Amazon-owned Ring security camera.
“I was asleep and our Ring alarm was going off like an intruder had entered our home and then we heard a voice coming from our camera,” Amador told Dallas ABC News affiliate WFAA.
“This is Ring support. Your account has been terminated by a hacker,” the voice said, laughing mockingly.
The unidentified person then threatened Amador, demanding that she “pay this 50 bitcoin ransom or you will get terminated yourself.”
To further heighten the fear factor, the hacker also took over Amador’s doorbell camera, telling her, “I’m outside your front door.”
Pulling the plug on the hacker
Amador, who lives in Grand Prairie with her boyfriend, refused to be cowed by the hacker’s threats.
Not only did she not pay the 50 bitcoin ransom – worth close to US$400,000 [AU$580,000] at the time of the incident – but she also removed the batteries from the “malfunctioning” security cameras, cutting off the hacker’s ability to threaten and spy on her.
“Very scary to hear a threat shouted over the camera for a ransom,” Amador said.
“The fact that the person was watching and we don’t know for how long is even scarier.”
Ring security hacks on the rise
Amador’s story is just one of several reports of smart home security and other devices being hacked in recent weeks, though it does appear to be the first to involve a Bitcoin ransom demand.
Sunday night, a family in Cape Coral, Florida was in their home when the alarm from their Ring security system was triggered and a voice began speaking to them through their security camera.
For several minutes, the couple endured a barrage of insults and racial slurs, including some directed at their 15-year old son, who happens to be biracial.
The fact that the son is never seen on the camera footage during the incident is particularly concerning, as it indicates that the hacker was likely spying on the family over an extended period of time.
The boy’s mother, Josefine Brown, told local NBC news affiliate: “I was scared… I was scared. I didn’t know who that is, how long he’d been watching us and I’m still scared now because I don’t have any answers.”
Perhaps even more disturbing, a hacker gained control of a Ring security camera in the bedroom of a Tennessee couple’s 8-year old daughter last week, taunting and frightening the child.
Each time I've watched this video it's given me chills.
A Desoto County mother shared this Ring video with me. Four days after the camera was installed in her daughters' room she says someone hacked the camera & began talking to her 8-year-old daughter.
— Jessica Holley (@Jessica_Holley) December 10, 2019
Video footage shows the little girl searching her room for the source of the voice, which can be heard saying, “I’m your best friend…I’m Santa Claus – don’t you want to be my best friend?” Frightened, the child calls out for her mother, Ashley LeMay.
A devastated LeMay told the Washington Post, “I put them at risk and there’s nothing I can do to really ease their mind. I can’t tell them I know who it is. I can’t tell them that they’re not going to show up at our house in the middle of the night.”
Ring blames operator error
In each of the incidents, Ring denied that the hacks were the result of a breach of its security.
“Customer trust is important to us and we take the security of our devices seriously,” a company spokesperson said in a statement sent to several news outlets.
“While we are still investigating this issue and are taking appropriate steps to protect our devices based on our investigation, we are able to confirm this incident is in no way related to a breach or compromise of Ring’s security.”
Instead, Ring is suggesting that the victims’ usernames and passwords were likely gleaned from security breaches elsewhere.
“Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.”
For her part, Amador has a hard time believing Ring’s claims, given that she uses a “specific 21-character passphrase” to protect the account that she has never used anywhere else.