Skip to main content
  1. Home
  2. News

Ring’s defense of recent hacks is as shoddy as its security, lawyer claims

Maya Shwayder
By
ring door bell illustration
Illustration: Chris DeGraw

After a series of Ring camera hacks, the Amazon-owned security company has claimed that any intrusions into its customers’ cameras or accounts were perpetrated by hackers who obtained login credentials from hacking forums or the dark web, not from the company’s database.

Lawyers representing some of the hacking victims in a class-action lawsuit against Ring told Digital Trends that their clients used unique passwords that could not have been hacked anywhere else.

Recommended Videos

Hassan Zavareei, a partner at Tycko & Zavareei LLP, a firm specializing in class-action and privacy litigation, said the defense that login information was taken from other, unrelated data breaches is “baseless and false.”

Related

The class-action suit, filed January 3 in the U.S. District Court for the Central District of California, describes several graphic incidents in which the plaintiffs’ Ring cameras were hacked. They include an incident where a young girl was exposed to racist insults that the hacker yelled at her, and another case where a hacker accessed the doorbell camera of clients Todd Craig and Tania Amador, and threatened them with “termination” unless they paid him 50 bitcoin (about $436,000).

“We know that [Ring’s defense] is not accurate because our clients Todd Craig and Tania Amador each created a unique password for their Ring accounts that they did not use for other accounts,” said Zavareei. “Mr. Craig created a unique 16-character password, and Ms. Amador created a unique 14-character password. If Ring’s excuses were true, the hackers would not have gained access to their Ring accounts, because their username and password combinations were not associated with other online accounts.”

Ring’s track record

The class-action lawsuit alleges negligence, public disclosure of private facts, and intrusion, among other things. Lawyers for the plaintiffs say they’re expecting a third family to join the class action as well.

Previously, Ring has claimed little responsibility for the hacks, describing them as issues with individual users’ passwords, not Ring’s database.

“Ring has refused to take responsibility for the security of its own home security devices.”

“It is not uncommon for bad actors to harvest data from other company’s data breaches and create lists like this so that other bad actors can attempt to gain access to other services,” the company said in a statement to ABC News last month when asked about another, similar suit that it’s facing.

In December, a data leak exposed the personal information of more than 3,000 Ring users. At the time, Ring told Digital Trends that there was no evidence of a hack of its systems. Earlier in January, Ring told a group of U.S. senators that Ring employees improperly accessed doorbell videos on four separate occasions.

ZDNet

“Even in light of widespread reports of hacks and unauthorized access to devices, Ring has refused to take responsibility for the security of its own home security devices, and its role in compromising the privacy of its customers,” the suit says.

Ring is not the only home security camera company with security issues. Wyze, a Ring competitor, suffered a major data breach at the end of 2019 that affected millions of customers. It was caused in part by the lack of basic security features, experts said. Ring has also suffered a smaller leak, but has denied that its own systems were compromised.

“At Ring, our top priority is the safety and security of our customers,” Ring said in a statement to DT. “While we do not comment on ongoing litigation, it is important to note that there is no evidence that Ring’s systems or network were compromised. But we have taken the issues seriously and plan to launch new user privacy controls. We will continue our long-standing commitment to making our Ring devices even stronger and more secure than ever.”

‘Inadequate security’

Whatever Ring’s new upcoming user privacy controls are, lawyers representing hack victims said Ring’s own security system is not very secure in the first place.

“This is different than the typical data breach case where there’s a mass exfiltration of information,” Austin Moore, a partner at Stueve Siegel Hanson LLP, which is also litigating the case, told Digital Trends. “This goes more to inadequate security.”

“It’s very ironic. You buy [Ring] for security, and they end up opening the door into everybody’s homes.”

“I don’t understand why Ring didn’t implement standard basic security protocols that are known to be effective at preventing unauthorized access,” Moore said.

Moore also added that it was “complete speculation” by Ring that clients’ passwords were stolen from elsewhere, as opposed to hackers exploiting a basic flaw in Ring’s system.

According to both Moore and Zavareei, Ring does not require two-factor authentication, and does not lock out a user after multiple wrong password attempts. This means a hacker can run a simple script that tries combinations of alphanumeric codes an unlimited number of times until it finds the one that will allow a login, Zavareei said.

“There are so many basic security precautions that need to be added here,” Zavareei said. “This is one of the more egregious examples of a failure to protect a privacy interest. It’s very ironic. You buy them [Ring] for security, and they end up opening the door into everybody’s homes.”

Editors' Recommendations

Topics
Maya Shwayder
Maya Shwayder
Former Digital Trends Contributor
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Ring Indoor Cam vs. Arlo Essential Indoor Camera: which is best?
Arlo Essential Indoor Security Camera on table

If you’re looking for a reliable indoor security camera, it’s hard to go wrong with the Ring Indoor Cam or Arlo Essential Indoor Camera. Both can capture crystal clear footage, are highly customizable, and sync with smartphone apps so you can review all your notifications. Amazon recently launched an updated version of the Ring Indoor Cam -- but is it better than the aging Arlo Essential Indoor Camera?

Here’s a closer look at the Ring Indoor Cam and Arlo Essential Indoor Camera to help you decide which is best for your smart home.
Video quality and cost

Read more
Ring’s new indoor camera features a built-in privacy shutter
The Ring Indoor Cam mounted on a wall.

Ring is launching a new Ring Indoor Cam on May 24, and it’ll be the first indoor camera in its catalog to include a privacy shutter. The shutter allows you to turn off both the camera and microphone, and it can be easily removed if you don’t need the additional privacy features.

The shutter can’t, however, be remotely activated. This means you’ll need to manually swivel the privacy shutter in front of the camera when you want to use it, then swivel it out of the way when you want to start recording again. Still, as the first Ring Indoor Cam to offer the feature, it’s definitely a step in the right direction.

Read more
Arlo Pro 4 vs. Arlo Pro 5S: which security camera comes out on top?
The Arlo Pro 4 home security camera installed outdoors.

Arlo is responsible for two of the best smart security cameras on the market -- the Arlo Pro 4 and the Arlo Pro 5S. The Pro 5S clocks in at $250, while the older Pro 4 is a bit cheaper at $200. But is it really worth dropping an extra $50 to snag the newer Arlo Pro 5S? From video quality and built-in extras to power usage and more, here’s everything you need to know about the Arlo Pro 4 and Arlo Pro 5S security cameras before making a purchase.
Resolution and night video

Both the Arlo Pro 4 and Arlo Pro 5S capture footage with a resolution of up to 2K. They also support HDR, making most images crisp and easy to decipher. You’ll also benefit from color night vision and a 160-degree viewing angle. In other words, both security cameras produce high-end footage that’s easy on the eyes.

Read more