I-TEAM: Can weak cybersecurity on your smart devices give hackers the keys to your digital kingdom?
Thursday, Jan. 23, 2020
News 12 at 6 O’Clock/NBC at 7
AUGUSTA, GA (WRDW/WAGT) – “All the pieces for peace of mind” – that’s the slogan for Ring, a multi-function security system that has gained in popularity in recent years.
But a class action lawsuit says otherwise, claiming the system allows hackers to terrorize families inside their own homes.
Families across America have reported hackers spying and harassing them through the Ring camera.
As we discovered, it’s so easy for the bad guys to break into the system.
Cybersecurity expert Sarah Rees says it doesn't take a cyber-guru to crack into someone's home security system.
"I am going to take John Doe who I have done some research on,” Rees says, punching in information to gain access to a Ring account. “I know he works for this company. He works there and I have John Doe as a username but I don't have his password so how do I get that?”
Bad guys can get almost anything off the dark web.
“These are real people’s passwords,” Rees said, scanning a list of passwords in front of her. “Hello123 is not a good password.”
Yes, even databases of passwords can come from the dark web.
“It’s just a page full of passwords and what’s funny is if you look at those, you think those are really bad passwords,” Rees said. “I took this off of a real breach.”
Hackers use a program to run the username or usernames through a list of hundreds of thousands – even millions – of passwords.
"So I am going to feed this list to a tool that automatically takes your login because I know your name is John Doe and JDoe is your login,” Rees said. “It’s going to take that and match the first password to it, and if it doesn't work, it’s going to move on."
It only takes seconds for us to get a hit.
IOT devices, or also known as internet of things, are particularly vulnerable to hackers.
"IOT would be internet of things -- anything that’s not explicitly a computing device like a computer or laptop or tablet -- something like a smart lighbulb,” Rees said.
Hackers use IOT devices like the Ring camera to crack into other devices that store sensitive information like laptops and phones.
"What I did and what users can actually do at home, it's not very difficult,” Rees said. “I separated it and put those IOT devices, which may be more questionable in terms of their security and vulnerability, I put those on a different WiFi network."
Rees puts her IOT devices on her guest network with an encrypted password. She keeps her phone and laptop on her home network -- a separate network. She also uses two-factor authentication on her devices.
"One factor would be a password, the second would be a text message like a PIN, a fingerprint, anything that isn't something you know."
Weak security is an open invitation for anyone with the right program to hack into your home.