Security School: Latest Home Security Breaches and Responses

Ring announced the termination of four employees for spying on customers' camera feeds. The events spanned the previous four years, but this was the first public acknowledgment.

Following an incident where someone remotely harassed a Mississippi girl using a Ring security camera, an Alabama man filed a class-action lawsuit against the company for failure to provide sufficient security. Ring suggested the hacks came from weak customer security but didn't encourage users to create strong passwords before the incident.

ADT terminated an employee after a customer discovered an unauthorized account login. The employee had been illegally watching security camera feeds from hundreds of Texas customers for seven years. ADT is facing class-action lawsuits related to the incidents.

Researchers discovered a sextortion campaign focused on users of security cameras, including some from Google Nest. It likely came from harvested email addresses, but the researchers said there was no evidence that perpetrators possessed real videos.

Public exposure of data from 2.4 million customers, including email addresses and Wi-Fi network information, but no passwords. The breach was an accidental byproduct of an employee conducting internal analytics work.

Researchers revealed how the size of the datastream from a security camera, which is typically unencrypted, could show outside observers whether someone is home or not. This is because security cameras don't use as much data when there's nothing to record.

Researchers spotted a vulnerability in iBaby baby monitors that could have given access to recordings, personal information, and the popular baby camera's controls. Only after this news became public did the company patch the vulnerability, despite the researchers' efforts to contact the company in the previous 10 months.

Researchers explained a bug that could allow hackers to fake a defective smart light bulb, prompting users to reinstall the bulb. After a reset, hackers could install malware on the Hue hub and home network. Philips Hue fixed the bug between November 2019 and February 2020, when the report went public.

During a congressional antitrust hearing, Rep. Kelly Armstrong, from North Dakota, asked about Google's compliance with controversial geofence warrants in the wake of racial equality protests. Geofence warrants allow law enforcement agencies to access data from anyone in a certain place at a specific time.

Ring has partnerships with over 1,300 law enforcement agencies across the US, which present a threat to Americans' privacy and well-being—especially people of color—if abused, according to the Electronic Frontier Foundation (EFF).

CNET highlights how protesters have used apps like Citizen and Ring Neighbors to track police activity. Conversely, the information shared in these apps is often available to law enforcement.

Both Amazon and Google require third-party partner companies to continually share status updates with them, potentially exposing user data to attacks. Previously, access to this information occurred only upon issuing a command.

The Ring app shares varying levels of user data with five companies: Facebook, Branch, AppsFlyer, MixPanel, and Crashalytics (Google). According to the EFF, the data presents a privacy hazard since marketing companies can track users.

Ring added a Control Center to the Ring app so users can easily manage security settings. Some security features were previously in separate places, while others are new to Ring accounts, like two-factor authentication.

Amazon started a one-year moratorium of police access to its facial recognition software following concerns that police would try to identify and target protesters. Microsoft and IBM have made similar decisions with IBM stopping facial recognition development entirely.

Blink and Arlo now require two-factor authentication to protect user data.

Google Nest now requires two-factor authentication to protect user data.