How to stop hackers from spying on you through a Ring camera or video doorbell

People who use internet-enabled security camera systems like Amazon Ring or Google Nest to keep their homes safe could be opening up their virtual worlds to hackers, or even employees of the companies.

The devices, typically placed on the outside of homes and aimed at entryways, record live footage of who is approaching the premises, with many residents using the technology to deter package thieves and otherwise monitor their homes. But users who don't properly secure their devices could be inviting criminals to snoop around their digital networks and potentially gain access to reams of sensitive personal data. 

In a case highlighting such vulnerabilities, Amazon this week agreed to pay $5.8 million to the Federal Trade Commission to settle allegations it gave its Ring surveillance employees "unfettered" access to personal videos. The agency in its lawsuit also claimed that Amazon failed to protect customer security, leading to hackers threatening or sexually propositioning Ring owners.

Gavin Millard, a cybersecurity expert at Tenable, a firm that alerts clients to tech vulnerabilities, said there are ways to leverage video doorbells and cameras' security features without exposing one's private lives and information to bad actors. Here are five ways users of the technology can protect themselves.

Cyber scammers target parents, grandparents for digital theft | 60 Minutes

Reset default username and password

Never keep the username and password that a home security system assigns you by default. Because they can be easily guessed by hackers, they should be changed immediately, Millard said. 

"Often when consumers buy the devices, they don't change them from their default, insecure configurations," Millard told CBS MoneyWatch. 

Changing this password is crucial because once hackers breach one device, they can explore others that are connected to the same home network. For example, bad actors can use search engine Shodan to scan the whole internet for any connected devices, from webcams to smart lightbulbs. 

"I can ask it to show me every single internet-connected camera and try 'Admin' and 'Password' as the username and password, and you could access the video streams of any that are vulnerable," he explained. 

Two-factor authentication

In addition, use a multifactor authentication system for added protection. 

"You also want to get a text or notification to a phone or some other device," Georgetown University professor and cybersecurity expert Chuck Brooks told CBS MoneyWatch. 

Use different networks for your devices

Once a cybercriminal cracks the code on your connected doorbell or camera, they can easily access content from other devices linked to the same network. As a result, it's wise to keep these kinds of devices on a separate network than the one that powers your personal computer's internet connection. 

The upshot: Your network is only as secure as the most vulnerable device that is connected to it.

"They're looking for the most vulnerable device to get access to your network and look at your emails and everything else you're doing on your computer or smartphone," Brooks said. "The value to them is they can acquire personal information that can be sold on the dark web." 

Millard keeps his devices on a guest network that's separate from the home network he uses for work and to watch television. 

"I use two networks because if I have a vulnerable camera connected to the internet, attackers don't care what the device is — they just care that it's vulnerable, and they can use it to gain an initial foothold into the network," he said. "It gets them one step closer to being able to break into an infrastructure. Once they break into one device, they can look around and see what else they can go for. Very often an attack is not one-and-done." 

FBI warns against public phone charging stations

Never miss an update

While we're often reminded to update the software on our smartphones and laptops when features are upgraded or changed, it's also important to check home security cameras and doorbells for updates.

"'Patching' is all about keeping the device up to date. It's important to regularly check for updates as part of having good cyber hygiene," Millard said.

Don't record anything private 

It's also advisable to consider files stored in digital cloud services accessible to others, according to Millard. Deleting old footage in your library is also a good thing to do. 

"Generally, I would assume any data I store in a cloud infrastructure or third-party app could be viewed by a company employee," Millard said. Camera manufacturers could also be sharing your footage with law enforcement and other agencies, he said. 

Another good rule of thumb is not to record your own personal movements or behaviors by putting a camera in a bedroom or bathroom, for example. In other words, aim the cameras at the outside world.  

"Don't put them in places that could reveal things you don't want to be revealed more broadly," Millard said.

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.