medic38572
TB Fanatic
by Joe Wolverton, II, J.D. March 16, 2023
Technological terrorists claim to have seized the data from Amazon’s popular “Ring” smart doorbell and surveillance devices and are threatening to release that data over the internet unless Amazon meets their demands.
As reported by Vice:
ALPHV has a history of such attacks, having previously released medical data, as well as data hacked from a hotel chain.
For those readers unfamiliar with the term, ransomware is a type of malicious software (malware) that encrypts a victim’s files or computer system and demands payment, usually in the form of cryptocurrency, in exchange for the decryption key. Ransomware typically spreads through email attachments, infected software downloads, or vulnerabilities in a computer system’s security. Once the ransomware has infected a victim’s system, it can quickly spread to other connected devices or networks. The attackers behind the ransomware will then demand payment in exchange for restoring access to the victim’s files or system. Ransomware attacks can be devastating, as they can result in the loss of important data or the disruption of critical systems.
In this case, the ALPHV group reports that it has seized control of the data from Ring cameras and that if Amazon doesn’t accede to their terms, then ALPHV will release the Ring camera data on the internet, putting the video and audio data of millions within the reach of anyone with access to a computer.
For its part, Ring claims that it’s seen no evidence that customer data have been compromised. Ring admits, however, that a third-party vendor has been the victim of a ransomware account and that Ring/Amazon is working with that company to minimize the damage. Ring insists that the third-party vendor has no access to customer data.
Regardless of such reassurances, this isn’t the first time data from Ring cameras have suffered serious security breaches.
In 2020, an Amazon software engineer called for the shutdown of Ring, explaining that the service is incompatible with privacy.
Max Eliaser, the Amazon employee insisting that the connected Ring doorbells and cameras should be shelved, posted an explanation on Medium. “The deployment of connected home security cameras that allow footage to be queried centrally are simply not compatible with a free society. The privacy issues are not fixable with regulation and there is no balance that can be struck. Ring should be shut down immediately and not brought back,” he wrote.
Eliaser isn’t alone in raising a warning voice about the potential threats to privacy posed by the popular doorbell camera. The Electronic Frontier Foundation (EFF) published a report revealing substantial breaches to the privacy of users of the Amazon-owned “smart” technology. EFF’s report showed the smart device is a lot savvier than users likely realize:
While Amazon does not publish sales numbers, industry insiders estimate that the online retailer has sold over 1.7 million units of the Ring devices, which is more than its next four competitors combined.
Thus the hacking and holding of customer data by a ransomware group proven in the past to follow through on their threats to release personal data on the internet is particularly alarming.
Believe it or not, Ring cameras have had other very serious security shortcomings exposed recently.
Regarding the Ring doorbell app, an EFF investigation disclosed that a shocking amount of personal data is shared with third-party companies without notice to the user:
As unbelievable as that relationship is, AppsFlyer is not the biggest benefactor of Ring’s data sharing scheme.
More from EFF’s report:
Beyond the app-based breach of privacy, the Ring devices create situations where surveillance can be conducted on people who don’t have the service and who cannot keep themselves from being watched by those who do.
Amazon’s Ring home security service has entered into contracts with over 200 police departments, and the tech giant admits to giving law enforcement expansive access to the video and audio collected by the service’s surveillance devices, without the permission of the customer!
A visit to Amazon’s Ring Security System’s product page reveals to possible customers — and those worried about personal privacy — all the data that Amazon is making available, without prior permission or notice of Ring customers, to police departments:
• Monitor your property in HD video, and check-in on home at any time with Live View on-demand video and audio.
• Hear and speak to people on your property from your mobile device with the built-in microphone and speakers.
• Activate the siren from your phone, tablet, and PC to scare away any suspicious people caught on camera.
So, is this the data that ALPHV has and is threatening to release? No one knows and they aren’t saying.
But the more relevant question is, will all these security breaches and data hacks convince anyone to think twice about allowing Amazon access to their home?
A cybersecurity company has verified independently that the ALPHV collective does list Ring data among the data it currently has in its database.
thenewamerican.com
Technological terrorists claim to have seized the data from Amazon’s popular “Ring” smart doorbell and surveillance devices and are threatening to release that data over the internet unless Amazon meets their demands.
As reported by Vice:
ALPHV has a history of such attacks, having previously released medical data, as well as data hacked from a hotel chain.
For those readers unfamiliar with the term, ransomware is a type of malicious software (malware) that encrypts a victim’s files or computer system and demands payment, usually in the form of cryptocurrency, in exchange for the decryption key. Ransomware typically spreads through email attachments, infected software downloads, or vulnerabilities in a computer system’s security. Once the ransomware has infected a victim’s system, it can quickly spread to other connected devices or networks. The attackers behind the ransomware will then demand payment in exchange for restoring access to the victim’s files or system. Ransomware attacks can be devastating, as they can result in the loss of important data or the disruption of critical systems.
In this case, the ALPHV group reports that it has seized control of the data from Ring cameras and that if Amazon doesn’t accede to their terms, then ALPHV will release the Ring camera data on the internet, putting the video and audio data of millions within the reach of anyone with access to a computer.
For its part, Ring claims that it’s seen no evidence that customer data have been compromised. Ring admits, however, that a third-party vendor has been the victim of a ransomware account and that Ring/Amazon is working with that company to minimize the damage. Ring insists that the third-party vendor has no access to customer data.
Regardless of such reassurances, this isn’t the first time data from Ring cameras have suffered serious security breaches.
In 2020, an Amazon software engineer called for the shutdown of Ring, explaining that the service is incompatible with privacy.
Max Eliaser, the Amazon employee insisting that the connected Ring doorbells and cameras should be shelved, posted an explanation on Medium. “The deployment of connected home security cameras that allow footage to be queried centrally are simply not compatible with a free society. The privacy issues are not fixable with regulation and there is no balance that can be struck. Ring should be shut down immediately and not brought back,” he wrote.
Eliaser isn’t alone in raising a warning voice about the potential threats to privacy posed by the popular doorbell camera. The Electronic Frontier Foundation (EFF) published a report revealing substantial breaches to the privacy of users of the Amazon-owned “smart” technology. EFF’s report showed the smart device is a lot savvier than users likely realize:
While Amazon does not publish sales numbers, industry insiders estimate that the online retailer has sold over 1.7 million units of the Ring devices, which is more than its next four competitors combined.
Thus the hacking and holding of customer data by a ransomware group proven in the past to follow through on their threats to release personal data on the internet is particularly alarming.
Believe it or not, Ring cameras have had other very serious security shortcomings exposed recently.
Regarding the Ring doorbell app, an EFF investigation disclosed that a shocking amount of personal data is shared with third-party companies without notice to the user:
As unbelievable as that relationship is, AppsFlyer is not the biggest benefactor of Ring’s data sharing scheme.
More from EFF’s report:
Beyond the app-based breach of privacy, the Ring devices create situations where surveillance can be conducted on people who don’t have the service and who cannot keep themselves from being watched by those who do.
Amazon’s Ring home security service has entered into contracts with over 200 police departments, and the tech giant admits to giving law enforcement expansive access to the video and audio collected by the service’s surveillance devices, without the permission of the customer!
A visit to Amazon’s Ring Security System’s product page reveals to possible customers — and those worried about personal privacy — all the data that Amazon is making available, without prior permission or notice of Ring customers, to police departments:
• Monitor your property in HD video, and check-in on home at any time with Live View on-demand video and audio.
• Hear and speak to people on your property from your mobile device with the built-in microphone and speakers.
• Activate the siren from your phone, tablet, and PC to scare away any suspicious people caught on camera.
So, is this the data that ALPHV has and is threatening to release? No one knows and they aren’t saying.
But the more relevant question is, will all these security breaches and data hacks convince anyone to think twice about allowing Amazon access to their home?
A cybersecurity company has verified independently that the ALPHV collective does list Ring data among the data it currently has in its database.
Ransomware Group Claims to Have Hacked Ring Security Camera Data - The New American
Technological terrorists claim to have seized the data from Amazon’s popular “Ring” smart doorbell and surveillance devices and are threatening to release that data over the internet unless Amazon meets their demands. As reported by Vice: “There’s always an option to let us leak your data,” a...
thenewamerican.com
