Skip to main content
  1. Home
  2. Smart Home
  3. Smart Home Features

Why are hackers snooping on smart home security cameras? I asked an ex-hacker

By

One night about 20 years ago, while surfing the web on my family’s Gateway 2000, Netscape Navigator slowed to a crawl. The mouse stopped responding. Even Ctrl-Alt-Delete did nothing.

Then, a Windows warning popped up. It looked … wrong. A moment later, the screen went blank, the CD-ROM tray opened, and a chat box appeared.

Recommended Videos

I was freaked out, but I knew what was going on. I was hacked.

Related

Through the chatbox, my hacker explained what happened. I’d fallen victim to a Trojan, which let the hacker access my computer and control it. The only way to fix the damage was to reformat the PC’s hard drive.

The Trojan that infected me, Sub7, was an early example of malware programmed by someone known as “mobman.” I never learned the identity of the hacker who sent Sub7 to me, but the Trojan’s creator now works as a security expert. I contacted him to find out why someone might want to randomly hack into a stranger’s life, a phenomena that’s become disturbingly common on today’s smart home cameras.

The Ring problem

Ring hasn’t had the best luck, for sure. With all the recent hacks in the news of late, it should come as no shock that people are concerned. Hackers have targeted Ring’s cameras in droves, leading to creepy stories of hackers spying on, and even taunting, their victims.

But why? What do hackers gain from snooping on smart home cameras? It’s a tough question to ask and answer, especially when the hackers are rarely caught or found.

Image used with permission by copyright holder

This led me to sniff out an answer from the “mobman” himself, who’s also known as Gregory Hanis.

Hanis now directs his skills towards professional internet security. He’s currently the chief technology officer of Viperline Solutions, an Alabama IT security solutions company. I asked him why hackers want to hack security cameras. His answer was simple, though not particularly comforting. Often, it’s just for fun.

I think, right now, people are doing it for kicks and giggles.

Hanis’ Trojan, Sub7, could tap into a victim’s connected webcam. It could view video in real time or listen in through a microphone. Sub7 thrived in the late ’90s and early 2000s, when most PC owners didn’t have proper antivirus protection installed. Its victims were easy targets, but those using Sub7 often did so only to prank or scare victims.

“I think right now, people are doing it for kicks and giggles, and they’re just targeting solo. They’re not making it a big enterprise kind of deal, or even targeting anybody,” said Hanis.

It doesn’t seem Ring’s cameras were compromised by an elaborate hack of parent company Amazon’s servers. Instead, login data was likely obtained by examining hacked credentials from other sources, guessing passwords, or through social engineering. Two-factor authentication can stop these intrusions, but, like PC owners in the late 1990s, people who own smart home cameras often don’t have security at top of mind.

When asked about the hacker who accessed a Ring camera to speak to a little girl, Hanis wasn’t impressed. “I looked at it, it looks like there are some videos on YouTube about people, I don’t want to say hackers, right? I want to say ding-dongs, criminals, or whoever, accessing some little kid’s room.”

Ring, and its rivals, must focus on security

Hanis thinks Ring should do more to prevent hackers from accessing cameras. “I think they said they have multifactor authentication. I don’t know why people don’t turn that on. [Ring] should’ve put it by default on, like when you’re creating your account.”

Ring eventually recommended users turn on two-factor authentication, but only after hacks hit the news. Now, with its new Control Center, Ring is placing emphasis on privacy and security settings in the main dashboard of the app. Currently, two-factor authentication is an opt-out option during new account setups, but soon, it will also be an opt-out option during new device setups on existing accounts as well.

Lawsuits have been filed in California by plaintiffs alleging Ring’s failure to offer basic security measures to prevent these hacks. In one instance, a couple was threatened with “termination” unless they paid the hacker 50 bitcoin (about $436,000).

Having developed Sub7, and now as manager of other security-related projects, Hanis feels Ring’s issues stem from the lack of focus on programming security features that tackle problematic scenarios.

“I’m 100% sure that when they go to develop these products and whatnot, they don’t do that. They don’t think about all the what ifs,” said Hanis. “And that’s why we’re going to have these problems, and we’re still going to have these problems. Until there’s something that enforces that, or some accountability, it doesn’t matter.”

Hackers can easily compromise gadgets that have poor security development, so it’s the responsibility of companies to make them a priority from the get-go, rather than later. As Hanis pointed out, Ring could’ve avoided issues if two-factor authentication was offered during the initial setup process.

Hacks will likely become more severe

While some isolated incidents have involved criminal activities like threats or attempts at extortion, these are rare. The mass attacks that occur through emails, text messages, and social media haven’t hit cameras. Yet.

I didn’t see actually somebody getting robbed because there are times of knowing when they’re home. It’s bound to get there.

“I didn’t see that much maliciousness. I didn’t see actually somebody getting robbed because there are times of knowing when they’re home,” said Hanis. However, he thinks “It’s bound to get there.”

His warning is sobering and, in all likelihood, correct. Hackers will attempt to find new ways and develop tools to remotely access cameras without owners’ knowledge.

This is exactly the evolution displayed by Trojans and other malware. Early examples, like Hanis’ Sub7, could be malicious but were often more of an annoyance than a serious problem. Yet the threat rapidly evolved. Hackers began to push the limits of what existing Trojans could do, then created new malware and used new techniques for deploying it. Only a decade separates early Trojans like Sub7 and the weaponized use of malware that brought down Iran’s nuclear program.

It’s up to Ring, and other companies that sell smart security cameras, to ensure proper safeguards are in place. From educating users, to sending out constant reminders to set up two-factor authentication, or even giving people a history of what devices are connected to an account, these methods foster awareness that would benefit everyone. Otherwise, owners are bound to fall victim to hackers.

Topics
John Velasco
John Velasco
Former Digital Trends Contributor
John is the Smart Home editor at Digital Trends covering all of the latest tech in this emerging market. From uncovering some…

Editors’ Recommendations

Pawport brings security (and smarts) to your existing pet door
A dog sitting next to the Pawport pet door.

Of all the wild smart home gadgets on display at CES 2024, few are as quirky as Pawport. This unique gadget is a motorized pet door cover that's programmable via an accompanying smartphone app and works in conjunction with a collar tag -- allowing it to automatically open when your pet approaches.

Pawport is built to bring added security to your home, giving you a simple way to monitor your existing pet door. Using the app, you can control the door remotely, set curfew times, schedule when the port can open or close, and even issue voice commands with Alexa, Siri, or Google. Other cool features include pet tracking and usage data, letting you know exactly when your pet is walking into (and away from) your home.

Read more
The truth about outdoor smart home gadgets and extreme cold
House buried in snow by blizzard.

Electronics and smart home gadgets bring convenience and automation to your home and often need minimal maintenance, save for the odd firmware update. However, owners living in cities with extreme winters need to worry about how the weather will impact their gear. Most shoppers are eager to set up and play with their new toys, and they mainly worry about getting them quickly with that luxurious same-day shipping and don’t think ahead to how that new device will operate when the weather turns harsh.

The truth is, if you live where it gets bitterly, extremely cold, your smart devices like wireless cameras, lights, and other components will likely stop working. Here's everything you need to know about smart home devices and cold weather.
Pay attention to temperature range
When shopping for an outdoor device, we usually pay attention to the IP rating. Many people see this number and assume it means their gadget is impervious to any kind of weather. That might be true to some extent, but the IP rating doesn't extend to extreme heat or extreme cold. IP ratings only rate for water and/or dust ingression, not for how effectively cold or heat can penetrate. To know how a device might be able to withstand cold winters or hot summers, you need to check the temperature operating range.

Read more
The TP-Link Tapo C120 is an affordable security camera designed for all environments
The Tapo C120 installed on a fence.

Tapo, a TP-Link brand known for crafting affordable smart home products, has just launched the C120 Indoor/Outdoor Home Security Camera. The Tapo C120 carries a low price of $40, but it's packed full of sought-after features like 2K video capture, HD night vision, and IP66 weatherproofing.

Tapo designed the C120 to be cheap to purchase and convenient to install anywhere on your property. Along with its affordable price, the camera includes a 9.8-foot power cord to reach far-away outlets. It's also built with a magnetic base that lets you quickly mount it to metal surfaces. If you can't find any metal on your property or in your home, you can use the included flexible mount.

Read more