Ring User Blocks $400K Bitcoin Extortion Attempt by Taking Out the Batteries

Tania Amador of Grand Prairie, Texas, awoke on Monday to an alarm and a sinister voice speaking to her through her Ring device.

“This is Ring support,” the voice said, laughing.

Then the hacker got to business. “We would like to notify you that your account has been terminated by a hacker,” the voice said, according to local ABC affiliate WFAA, which reviewed the Ring camera’s footage. “Pay this 50 Bitcoin ransom or you will get terminated yourself.”

According to WFAA, the hacker then took control of the 28-year-old woman’s doorbell camera and said, “I’m outside your front door.”

“Very scary to hear a threat shouted over the camera for a ransom,” Amador told WFAA. “The fact that the person was watching and we don’t know for how long is even scarier.”

But Amador did not pay the Bitcoin bounty, worth about $400,000. Instead, she simply took the batteries out of her Ring.

This is just one example to come to light recently of hackers speaking to Ring users through their devices. In one instance in Tennessee, someone sang “Tiptoe Through the Tulips” to an 8-year-old girl, before telling her, “It’s Santa. It’s your best friend.” In another incident in Florida, a hacker shouted racial slurs.

Ring did not immediately respond to a Gizmodo request for comment. A company spokesperson told WFAA that Ring owners’ emails and passwords are often stolen in third-party breaches because people often use the same passwords for multiple accounts—suggesting this is likely what happened to Amador.

Amador told WFAA she doubts this is what happened, since she uses a unique 21-character password for her Ring account. She said she was also surprised to discover that Ring, which is owned by Amazon, doesn’t lock someone out of an account after they make several wrong password attempts.

This week, Motherboard published a report about cheap software that allows hackers to gain access to Ring cameras, detailing how pervasive the problem of Ring hacking has become.

A Gizmodo investigation published on Monday found that Ring’s companion crime-alert app, Neighbors, often transmits the approximate location of Ring cameras when a user posts Ring videos to the app, making it trivial for technical users to find a user’s physical address.

Amador’s boyfriend, who works in IT, requested all Amador’s Ring user data by filing a police report.

“I felt betrayed by our security company,” Amador told WFAA. “I feel like we were treated like another dollar and that we didn’t matter.”

Amador has kept the devices off since the unsettling incident. “Everything is shut off and until there is a safer alternative, we don’t want to keep using Ring,” Amador told WFAA. “At the time there is no trust in the company.”

All Ring users should keep in mind that the best way to prevent people from accessing their device is to never use a Ring camera.

Former senior reporter at Gizmodo

DISCUSSION

Typical Ring hit piece by Giz again... you left out the most important part of this; mainly that the majority of these ‘hacks’ (And wow, are you playing fast and loose with that word in this context!) came about because users are using the same password everywhere and not being aware they have been compromised.

The “cheap Ring software” mentioned in the article is simply looking through lists of compromised username/password combos and basically war-dialing login attempts.

1. Use a password manager with randomly generated passwords for your logins, not one password for everything. There are plenty of low-cost or free password managers out there. (I use a self-hosted version of Bitwarden myself.) This way you don’t have to rely on your memory (except for your master pw of course) and it conveniently fills out the forms for you.

2. Enable available Two Factor Authorization for anything crucial like this.

3. Use https://haveibeenpwned.com/ and subscribe to notifications
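
To illustrate why the missing account lockout and the credential-stuffing pattern discussed above need different server-side checks, here is an added example (not from the article, the commenter or Ring) that scans a constructed login log. The log format, thresholds and function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample auth log: "epoch_seconds source_ip username result"
SAMPLE_LOG = """\
1000 203.0.113.7 alice@example.com FAIL
1002 203.0.113.7 bob@example.com FAIL
1003 203.0.113.7 carol@example.com FAIL
1005 203.0.113.7 dave@example.com OK
1006 203.0.113.7 erin@example.com FAIL
1010 198.51.100.4 frank@example.com FAIL
1015 198.51.100.4 frank@example.com FAIL
1020 198.51.100.4 frank@example.com FAIL
1025 198.51.100.4 frank@example.com FAIL
1030 198.51.100.4 frank@example.com FAIL
1040 192.0.2.9 grace@example.com FAIL
1050 192.0.2.9 grace@example.com OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield int(ts), ip, user, result == "OK"

def analyze(log, window=60, max_users_per_ip=4, max_fails_per_user=5):
    """Return (stuffing_ips, locked_users, at_risk_users); thresholds are assumed."""
    by_ip = defaultdict(list)   # ip -> [(ts, user, ok)] inside the window
    fails = defaultdict(list)   # user -> timestamps of recent failures
    stuffing, locked, at_risk = set(), set(), set()
    for ts, ip, user, ok in parse(log):
        by_ip[ip].append((ts, user, ok))
        recent = by_ip[ip] = [e for e in by_ip[ip] if ts - e[0] <= window]
        # Credential stuffing: one source tries many accounts, about one
        # guess each, so a per-account lockout never trips on it.
        if len({u for _, u, _ in recent}) >= max_users_per_ip:
            stuffing.add(ip)
            # A success from a flagged source means a reused password worked.
            at_risk.update(u for _, u, good in recent if good)
        if ok:
            fails[user].clear()
        else:
            # Per-account lockout: repeated failures against one account.
            fails[user] = [t for t in fails[user] if ts - t <= window] + [ts]
            if len(fails[user]) >= max_fails_per_user:
                locked.add(user)
    return stuffing, locked, at_risk

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

In the sample, the lockout rule catches only the repeated guesses against one account, while the per-source rule is what flags the stuffing run and the account whose login succeeded during it.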