In recent days, the media have drawn attention to the increasing cracking of Ring smart cameras, as attackers not only compromise devices, but also mock their owners by broadcasting what is happening on the air.
For example, a family in Florida suddenly heard racist comments to their teenage son coming from Ring. In another case, the unknown screaming for a couple from Georgiademanding that they wake up. Another family in Tennessee heard a voice mocking their 8-year-old daughter through the camera in the nursery: the attacker put music to the child, urged the girl to destructive behavior, and then generally declared that he was Santa Claus. In Texas someone tried to demand a ransom in the amount of 50 bitcoins (360,000 dollars), telling homeowners that only after that he will leave their surveillance system alone.
In all cases, the victims managed to stop the intrusions by simply disabling the Ring, and users admitted that they did not configure two-factor authentication to access their devices. Ring developers hastened to declare that their devices did not contain any vulnerabilities, and the company was not compromised, that is, the users themselves are responsible for what is happening.
Edition Vice motherboard conducted its own investigation and found that in hacker forums one can easily find topics entitled, for example, “Ring Video Doorbell Config,” where smart camera hacking is being actively discussed. There are also numerous tools for sorting credentials and Ring brute force, and on one of the forums a hacker generally offers verification through Ring.com for only $ 6.
Also reporters discovered the reason This wave of hacks is the NulledCast podcast, which broadcasts live camera hacks and bullying of their owners. The "show" is broadcast live on Discord and is linked to the Nulled forum of the same name, which sells tools for hacking smart cameras, and thousands of participants are registered.
“Sit back in your chair after spending 45 minutes having fun,” says the Nulled podcast ad. – Join us while we switch between random themes, such as Ring & Nest trolling, tell the owners of the shelter that they killed a kitten, arrange a Nulled drama and other rzhachny things. Be sure to join our Discord to watch the show live. ”
Yesterday, December 12, 2019, attackers panicked due to increased media attention: some forum posts related to hacking Ring were deleted, as well as some content from the Discord server. At the same time, server administrators insisted that the live broadcasts would continue (albeit on a smaller scale), despite the fact that law enforcement agencies are already investigating three cases of hacking.
However, on Thursday afternoon Motherborad journalist Joseph Cox stated on Twitter that Discord banned the podcast server and all its users. However, you should expect that Nulled will continue to work on another platform or in some other form. In the meantime, the Nulled forum allegedly forbids discussing the compromise of the Ring and Nest cameras, as well as prohibiting the sale of accounts.