Dozens of people who say they were exposed to death threats, racial swearing and blackmail after hacking their smart cameras in the Ring house are suing the company for “horrific” privacy violations.
The new class action lawsuit, which combines a number of cases filed in recent years, states that relaxed security measures in the Ring, which is owned by Amazon, have allowed hackers to take over their devices. The ring provides home security in the form of smart cameras that are often installed on bells or at people’s entrances.
The lawsuit against Ringo is based on previous cases, merging the complaints of more than 30 people in 15 families who say that their devices were hacked and that they used them for harassment. In response to these attacks, Ring “accused the victims and offered inadequate answers and false explanations,” the lawsuit states. Prosecutors also claim that the company also did not adequately update its security measures after such hacks.
People who could benefit from the lawsuit include the families named in the case, as well as all other Ring users who have been hacked. The class also covers tens of thousands of customers who bought a doorbell between 2015 and 2019, even if they were not hacked.
“I would imagine that there are a lot more people out there who have been hacked,” said Hassan Zavareei, the leading lawyer in the case. “This is probably just the tip of the iceberg.”
The lawsuit cites examples of hackers who took over Ring’s cameras, screamed insolence, demanded ransom, and threatened to kill and sexually assault her.
A user of one of the rings says that they asked him through the camera while he was watching television one night: “What are you watching?” Another alleges that an unknown hacker approached his children via the device, commenting on their basketball game and encouraging them to approach the camera.
In one case, an elderly woman in an auxiliary apartment was allegedly told “you will die tonight” and sexually harassed through the camera. Because of the trouble caused by the hacking, she eventually had to return home, feeling insecure in the building where she once lived.
In another incident, a prosecutor who bought the Ring device to keep an eye on her four-year-old daughter, who had a history of seizures, alleges that music from a horror movie was played through her camera. Her complaint reads:
On December 4, 2019, just after 8 p.m., while Ms. LeMay was doing the chores, both Ring devices began live streaming. At the same time, the cover of Tiny Tim’s “Tiptoe Through the Tulips”, a song that appeared in the scene from the horror film “Insidious” from 2020, began to be released through the function of two-way conversation. Intrigued by the music, Ms. LeMay’s eight-year-old daughter, AL, went to a room she shares with her two younger sisters to explore. But the room was empty. As AL wandered around, searching for the source of the music, the song abruptly stopped and a male voice was heard, “Hello.”
LeMay immediately changed her password and called Ring that day to report the hacking, but received no response for nearly a week. The company never told LeMay where the hack came from or how it happened, the complaint said. The plaintiff eventually had to leave the job due to emotional distress, the complaint states.
Ring did not say who was behind the hacking, and victims say they still do not know who accessed their devices through the device.
The ring has repeatedly blamed the victims for not using strong enough passwords, the lawsuit alleges. He says Ring should have asked users to set complicated passwords when setting up the device and implement two-factor authentication, which adds a second level of security using another form of identification, such as a phone number.
However, according to the lawsuit, Ring was hacked in 2019 – which means that the stolen credentials from that violation may have been used to enter the user’s cameras. This means that the hacking that Ring allegedly accused of customers could have been caused by Ring himself. A spokesman said the company had not commented on the ongoing lawsuits.
The lawsuit also alleges research by the Electronic Frontier Foundation and others that Ring violates user privacy by using a number of third-party trackers in its application.
The lawsuit says that, currently, Ring “has not sufficiently improved its security practices nor has it adequately responded to the ongoing threats that its products pose to customers.” Security and privacy experts have also criticized Ring’s response.
“After a host of intimidating headlines about their poor security practices, Ring has finally made some improvements,” said Evan Greer, deputy director of the privacy advocacy group Fight for the Future. “But the basic security application they should have had in the first place doesn’t change the fact that Ring cameras make communities less secure, not safer.”
In addition to hacking concerns, Ring has faced growing criticism for his growing surveillance partnership with police forces. Ring has now created law enforcement partnerships, which allow users to send footage and photos to police in more than 1,300 cities.
“Ring’s supervisory-based business model is fundamentally incompatible with civil rights and democracy,” Greer said. “These devices and the thoughts behind them need to be melted down and never talked about again.”