At first, Todd Craig thought he was being pranked.
Craig was standing in front of his Amazon Ring indoor camera on Dec. 9 when he heard a stranger’s voice coming over the speakers, laughing and barking, “Ring support! Ring support!”
Craig, an IT worker who lives in Texas, jumped, assumed that his girlfriend, Tania Amador, must be playing a joke on him. He and Amador previously used an ADT home security system, but recently switched to Ring when they realized they could go from paying roughly $100 per month to Ring’s $100 per year.
Amador wasn’t pranking him — she was upstairs, asleep. At that point, he realized the breach was real.
Craig hid behind a pillar in his kitchen, determined to stay outside the view of the indoor camera. He ultimately rushed behind the device and pulled out the batteries — only to hear a voice coming from his Ring doorbell camera mounted on the front of his house.
“I’m outside your front door,” the voice said, before demanding payment: “Pay this 50 bitcoin ransom or you will get terminated yourself!”
Craig and Amador are now plaintiffs in a class-action lawsuit against Ring, alleging that the company hasn’t done enough to protect users from hacks. Another Tennessee family, also plaintiffs in the suit, say they were targeted by a hacker who used their Ring cameras to spy on and harass their 8-year-old daughter, shouting: “I’m your best friend. I’m Santa Claus. Don’t you want to be my best friend?…Mess up your room, break your TV.”
Business Insider surveyed hundreds of Ring users about their reasons for purchasing the security camera, their reaction to news of hacks, and what the technology means to them.
Many said they use Ring doorbells, but refuse to put cameras inside their homes due to the threat of hacks. But while the majority of surveyed users expressed concern, in their view, Ring’s safety features felt worth the trade-offs. To them, the technology had already become indispensable.
‘Peace of mind’
Gladys Castaneda was fast asleep in her Mesa, Arizona home when her Ring doorbell awoke her. It was 5 a.m., and the video feed from her doorbell camera showed a man pounding on her door (she later learned the man was a neighbor she hadn’t met before).
Castaneda, who was alone with her one-year-old and two-year-old daughters, would have been wary about going downstairs at such an hour, but she used the Ring camera to speak to her neighbor directly. There was a fire next door, he said, and the flames were about to reach her house.
“I don’t know if I would have known to answer the door unless I had the Ring. I thought somebody was trying to break in,” Castaneda told Business Insider.
After hearing about the fire, she sprang into action.
“So I run, give him my first daughter to hold, run back inside and get my second daughter. Having the front porch video gave me peace of mind because I didn’t know who I was giving my girls to.” Castenada says she remains unphased by reports of Ring hacking; her only complaint is that the doorbell’s battery runs out too quickly.
She’s not alone in her praise of the controversial security system.
The company, which was founded in 2013 and purchased by Amazon five years later, has “millions” of users, according to a spokesperson. Even as news of Ring hacks swirled, Ring’s online sales in the US continued to rise. According to data analytics firm Jumpshot, sales in December grew 180% compared to the year prior, with nearly 400,000 cameras sold that month.
Through Ring partnerships, police departments can request videos from people’s cameras within a specific time frame, which homeowners can decline. Beginning in February, users will be able to preemptively opt out of receiving requests from police. However, as with any security footage, police can pursue a search warrant to seize video even after a user has declined to share it.
Many customers surveyed by Business Insider admitted they were unaware that police departments partnered with Ring could potentially access security footage from their homes.
Jamie Siminoff, founder and CEO of Ring, defended Ring’s partnerships with police in a Jan. 7 interview with Business Insider, arguing they give both law enforcement and customers “more privacy, more security, and more control.”
But privacy and civil liberties activists have slammed Ring for giving police a new tool to expand surveillance and track people’s movements.
“The white, suburban homeowners who buy these devices are not particularly likely to switch off notifications from police [to request Ring footage when a crime occurs in the neighborhood],” said Evan Greer, deputy director of the nonprofit group Fight for the Future.
“What about all of the people that walked by that camera, the mail carrier that has to walk up to that camera every day, the teenagers in the park across the street … who don’t have a choice about whether their neighbor puts one of these cameras up?”
The next big hack
Ring maintains that the series of hacks that have hit Ring owners in the last two months were not the result of a system flaw, but rather occurred because users reused passwords from other services, which may have been stolen in a breach.
But cybersecurity experts told Business Insider that the company could still do more to protect users against hacks.
“If you get hacked, they would know everything about you,” said Brian Vecci, field CTO at data security firm Varonis. “They would know exactly what rooms you’re in. They would know every member of your family and when they come and go. You start putting multiple types of data together and you can start telling this interesting and powerful, and potentially really damaging story about a person.”
When Motherboard tested Ring’s security features in December by attempting to log into the device using incorrect credentials from unknown IP address, it didn’t trigger any warning to the device’s owner.
Ring itself has begun to take small steps to beef up security. This month, the company is rolling out a privacy dashboard that will let people see who’s logged into their devices, and will begin requiring that customers use two-factor authentication, a safeguard against stolen passwords. It will also begin notifying users when someone logs into their account from an unfamiliar IP address.
“Seeing that video of that girl made me cry. And every time I think about it, it makes me sad,” Ring CEO Jamie Siminoff told CNET of the ‘Santa Claus’ hacker who taunted the 8-year-old girl.
Even then, Siminoff maintained that Ring’s security was not at fault, telling Business Insider the next day that “it’s hard to say that [Ring] could have done better.”
Vecci said that the uptick in reported security hacking since December doesn’t mean that the problem is a new one.
“It’s just that nobody was really noticing,” he said.
“I would argue that Ring has a bit of a responsibility,” Vecci continued. “This has been an issue in cybersecurity forever: it’s convenience versus security. Someone somewhere [at Ring] is saying, ‘If we make it even a little bit harder to use, people aren’t going to use it.'”