NEW YORK (CBSNewYork) – Are Ring cameras inside your home dangerous to your family? One Staten Island mom says hackers used her interior cameras to terrorize her 13-year-old son.
Gina Sgarlato says her son Blake was home alone doing his homework when a mysterious voice came from their Ring smart cameras, reports CBS2’s Meg Baker.
“That’s whole reason we got the system was to protect family, now our family has been completely invaded,” said Sgarlato.
In a home surveillance video, her son can be seen quickly unplugging the kitchen’s camera, but the hacker follows him via other cameras through the house to the foyer.
“What’s up homie,” said the stranger’s voice. “I still see you.”
The hacker continues taunts through the house and into the garage, then sets off the home’s alert siren.
“I want there to be knowledge of what this is,” said Sgarlato. “I know so many people that have this. I know there’s other kinds of surveillance cameras that you can have in your home and stuff that are out there, but I want people to realize that your kid can be sitting alone in your house and be the target of a maniac.”
This Staten Island family is just one example of many incidents where home technology has been hacked.
“They are getting people’s passwords from other situations, other applications, trying them and in many cases getting in,” said Ian Marlow, CEO of FitechGelb Cyber Security.
Marlow says all passwords should be complicated: Using upper and lower case letters, special characters and numbers, avoiding using the same password twice and using dual authentication.
“Put in your mobile device phone number, and if someone tries to log in, it’s going to send you a notification saying a new device is trying to sign in. ‘Is that OK?’ And you say, ‘no,’ and keep people out,” said Marlow.
Sgarlato says her one-step password for Ring was set up by a home security company.
“Two-step authentication should have been the only way the Ring was set up,” she said.
Sgarlato says she has since removed all Ring cameras from inside her home and, as a lawyer, she is looking into taking legal action.
Ring released the following statement in response to the incident:
“Customer trust is important to us and we take the security of our devices seriously. Our security team has investigated this incident and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.
“Recently, we were made aware of an incident where malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log in to some Ring accounts. Unfortunately, when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.
“Upon learning of the incident, we took appropriate actions to promptly block bad actors from known affected Ring accounts and affected users have been contacted. Consumers should always practice good password hygiene and we encourage Ring customers to change their passwords and enable two-factor authentication.”
Sgarlato says she also reported the incident to the Richmond County district attorney who is investigating.