ALPHV, a ransomware gang known for its malware BlackCat claims to have breached Amazon-owned smart security camera company, Ring, as reported by Vice. The ransomware gang is now threatening to release Ring’s data. “There’s always an option to let us leak your data,” a message posted next to the Ring logo on the ransomware group’s website read.
The cybersecurity collective VX Underground tweeted a screenshot of the listing on Monday verifying that a listing naming Ring is currently on ALPHV’s data dump site. However, Ring denied the allegations and told AIM: “We currently have no indications that Ring has experienced a ransomware event.”
Founded in 2013, Ring – previously Doorbot – makes doorbells, outdoor cameras, indoor cameras, car cameras, alarms, and lighting, which are all popular products globally. It was founded by Jamie Siminoff, whose idea on the same product was once rejected by Shark Tank.
AIM Daily XO
Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.
Ring claims that its doorbell is a clever home gadget that enables you to manage your front door from a distance. It is fixed beside your front door and linked to your mobile device via Wi-Fi. If someone visits your house, you can observe them using the camera and unlock the door from afar. Additionally, the company makes indoor and outdoor cameras that permit you to watch over your home, children, or pets when you are absent. The cameras use motion detectors and a feature that allows you to have a conversation with someone in real-time.
A Brief History of Security Breaches
Ring has a history of multiple security breaches and instances of data theft in the past. For example, in 2019, over 3000 Ring users’ login details were leaked online due to a credential stuffing attack, which did not originate from the company’s databases. Hackers obtained username and password combinations from previous data breaches and utilized them to gain access to Ring accounts.
Download our Mobile App
AIM had earlier raised an alarm over Amazon having the biggest personal data repository with its acquisition spree of voice, image, and camera services and its share in the smart home sector. Besides, the conglomerate has had a history of developing or purchasing technologies that make people worried about data privacy concerns.
Amazon had raised a few eyebrows with a string of acquisitions. Privacy advocates were anxious that they might use its acquisition of iRobot – a Roomba vacuum cleaner – to filch heaps of information about consumer homes and private lives.
In December 2018, Amazon paid an estimated $90 million for the acquisition of ‘Blink’, a startup known for its proprietary chip-based home security cameras and video doorbell. They also acquired ‘Ring’ the same year, for a whopping $1 billion. In 2015, Amazon acquired ‘2lemetry’, a Denver-based startup to track and manage IP-enabled machines and other connected devices.
Dojo, a company that specialises in security for Internet of Things (IoT) devices, has discovered that malevolent individuals can hijack your Ring doorbell by accessing the network it operates on. This is due to the fact that the data transmitted between the Ring device and its application was not protected by encryption.
Ashley LeMay filed a lawsuit against Ring for a second occurrence where a stranger communicated with her daughter through a hacked indoor security camera. The unauthorised individual was able to gain access to the camera and microphone, and instructed the 8-year-old girl to ruin her belongings after claiming to be Santa Claus. Another family experienced a similar incident when a cybercriminal spoke to them as they were preparing for sleep.
A Reddit user reported an occurrence where their Ring doorbell was transferring data to China. The company has accepted responsibility for the issue and pledged to release an update to fix it. To an inquiry from US Senator Ed Markey (D-Mass), Amazon responded by confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests. In each case, Ring handed over private recordings, including video and audio, without letting users know that police had access to – and potentially downloaded – their data.
Starting September 2022, Ring began providing end-to-end encryption for video and audio on its battery-powered video doorbells and security cameras, allowing users to secure their camera footage, restricting access solely to their registered iOS or Android device. With end-to-end encryption activated, only the camera owner can access recorded footage. Even if requested by law enforcement, Ring or its parent company Amazon could not provide the video — or so it claims.
