06 January 2021

Hackers Just Want to Watch You Die

I can't convince most people to take security seriously. "I don't have any money for them to steal," is a common refrain. (IDENTITY THEFT is not always about the money in your bank account.) But this takes things to a disturbing new level.

I was going to use the title "NEVER Use the Same Password on Multiple Services," but I figured no one would read it.

From "Recent Swatting Attacks Targeting Residents With Camera and Voice-Capable Smart Devices":

Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. To gain access to the smart devices, offenders are likely taking advantage of customers who re-use their email passwords for their smart device. The offenders use stolen email passwords to log into the smart device and hijack features, including the live-stream camera and device speakers.

They then call emergency services to report a crime at the victims’ residence. As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers.

You read that right. Your life means nothing to these hackers except as entertainment value. Are you interested in security yet?

The hackers take over the security doorbells, or other cameras, with stolen credentials.

How do they get stolen credentials? People use their email passwords as their Ring Doorbell (or other security system) account PW. And they have used the same PW for decades, because how would anyone know? (Hint: They know.) Especially if you are using a sports team, pet's name, kid's birthday, alma mater, or even most dictionary words. Not that any of you will take security seriously because of this.

"Security is hard," you say. I have great security. For all of my on-line accounts, I really only need to remember the password to my password-manager. (And that is a PW that would be tough to crack in under a century or 10. Or longer.) How hard is that? One password. The PW manager remembers all the other passwords, for email, banking, shopping sites, whatever. Every one of which is unique, long, and gibberish. Just don't lose access to the PW manager, because no one can reset your PW for you.

Recommendations: Have strong, unique passwords. Enable 2-factor authentication.

To their credit, Ring and a few of the other large companies are trying to fix this, but they can only do so much. They cannot always protect you from yourself. But they are trying.

Never underestimate the power of human stupidity.
  —  Robert A. Heinlein, Time Enough for Love
