Hacked Ring cameras used as baby monitors expose children’s privacy concerns

Turning a home security camera into a baby monitor opens the door to virtual intruders. And all they need to gain access is the password, something they can obtain through a hack.

Cybersecurity experts are warning parents who use home security systems as baby monitors to be cautious after a hacker exposed how easily children’s privacy can be compromised.

Video of a hacker speaking to an 8-year-old through a Ring camera set up in her bedroom went viral in December, prompting a class-action lawsuit against the security giant.

The child went to her room when she heard music playing. Then, a stranger began talking to her over the Ring camera, initially calling himself Santa Claus, according to a federal complaint.

“Breaking into a Ring account grants access to exceptionally intimate and private parts of someone’s life: the inside of their homes, sometimes their bedrooms,” prosecutors wrote.

Ring maintains its system wasn’t breached and has introduced two-factor authentication for improved user protection.

“It is important to note that there is no evidence that Ring’s systems or network were compromised. But we have taken the issues seriously and plan to launch new user privacy controls,” Ring spokeswoman Jenna Graime told WTOP in a statement.

“People aren’t really creative with their passwords. This is one of those times where you need a strong password,” said Tracy Walraven, cyber operations section chief at D.C.’s Department of Forensic Sciences.

Just like a smart doorbell, hackers can access the video from any security camera set up inside the house, too, something to consider for parents using them as baby monitors.

“Let’s say you get rid of your Ring … that data is still capable of being recovered unless it has been wiped or written-over,” Walraven said.

Ring is sharing its best practices with users and launching an in-app “Control Center,” which Graime told WTOP will be a “centralized place in the Ring app where users can see and control important security and privacy settings.”

Walraven suggested changing the eight- to 12-digit password — which should contain capital letters, symbols and numbers — quarterly on a home Wi-Fi network and on security apps.

Some might find it easiest to download a password keeper, which generates random passwords for different accounts and only requires the user to remember one to access them.

LastPass, RoboForm, 1Password and Dashlane are among the recommendations from our partners at Data Doctors.

For a more personal password, Walraven recommends thinking beyond the name of a family pet or an address.

“Take a phrase, any phrase — maybe the name of your favorite book — and use just the first letters of the words in the title,” Walraven said. “It’s something you will remember that is complicated enough and not obvious enough to a person just looking at your Facebook page.”

As an example, using the book “A Wrinkle in Time,” the password might begin with “AWIT,” followed by a series of numbers, or another memorable phrase while substituting some letters for characters. For example, “p@55word” instead of “password.”

Of course, refrain from using “password” as a password, or any iteration of the very-hackable “1234.”

Megan Cloherty

WTOP Investigative Reporter Megan Cloherty primarily covers breaking news, crime and courts.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up