She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.

Via:  ender  •  one month ago  •  26 comments

By:   Allyson Chiu

She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.

S E E D E D   C O N T E N T

When Alyssa LeMay heard the strange music and sounds coming from her bedroom, she walked in expecting to find one of her sisters. But the room was empty.

Then, as the 8-year-old wandered around her room alone, the mysterious song abruptly stopped.

“Hello there,” a man’s voice said.

It wasn’t Alyssa’s father, who was elsewhere inside the family’s Mississippi home. The voice belonged to a stranger. And not only could the faceless man speak to the young girl — he could see her.

In a chilling exchange caught on   video   last week, the LeMays say the man was able to interact with their daughter after hacking into a Ring security camera that had recently been installed in the bedroom shared by Alyssa and her two younger sisters. Over the course of several minutes, the man repeatedly directed a racial slur at Alyssa and tried to persuade her to misbehave, according to a copy of the video obtained by The Washington Post.

“I can’t even put into words how badly I feel and how badly my children feel,” Alyssa’s mother, Ashley LeMay, told The Post on Thursday. “I did the exact opposite of adding another security measure. I put them at risk and there’s nothing I can do to really ease their mind. I can’t tell them I know who it is. I can’t tell them that they’re not going to show up at our house in the middle of the night.”

The LeMays, however, aren’t the only people who have experienced this nightmare in recent weeks. Several Ring users nationwide have reported that their security systems were also infiltrated by hackers who harassed them through the camera’s   two-way talk function . (Ring is an Amazon product. Amazon chief executive Jeff Bezos owns The Washington Post.)

A spokesperson for Ring told The Post in a statement early Thursday that what happened to the LeMays “is in no way related to a breach or compromise of Ring’s security.” The “bad actors” behind the attacks “often re-use credentials stolen or leaked from one service on other services,” the spokesperson said. Ring has addressed the   other   reports   of hacking   with similar statements.

“Customer trust is important to us and we take the security of our devices seriously,” the spokesperson said.

Trust was a major factor in Ashley LeMay’s decision to buy Ring cameras for her home. For two years, the 27-year-old mother of four said she talked herself out of getting indoor security cameras, citing potential privacy breaches as one of her concerns. That changed when she saw that a majority of people in her neighborhood in a small northern Mississippi town had outfitted their homes with Ring doorbells. LeMay’s friend, a fellow mother, also recommended the indoor camera to her.

“It seemed like nobody had ever had any issues with it,” she said. “Everybody seemed to go with that same brand, so it seemed like something that was trustworthy.”

Armed with LeMay’s research, the family purchased two cameras on Black Friday. LeMay said one was installed in her infant’s room and the other went on the wall in the girls’ bedroom.

For LeMay, who works overnight at a hospital as a laboratory scientist, the cameras not only gave her “peace of mind” but also helped her children feel safe.

“It’s really neat that you could talk to them,” she said. “When I would go into work, I’d be like, ‘Love you, good night.’ It just made them feel like I was close.”

On Dec. 4, that sense of security was shattered.

Shortly after 8 p.m., both cameras started live-streaming and the Tiny Tim cover of “Tiptoe Through the Tulips,” a song that famously appeared in a scene from the 2010 horror film “Insidious,” poured from the speakers, LeMay said. At the time, she was out running errands, but her husband was home with the children.

It was this tune that first caught Alyssa’s attention, the 8-year-old told  WMC.

“I thought it was my sister because I hear music. It’s like, ‘Tiptoe to the window,’ ” she said. “So I come upstairs and I hear some banging noise, I was like, ‘Who is that?’ ”

In the video recorded by the camera, the overly cheerful song is playing as Alyssa walks into the empty bedroom. The hacker’s sudden greeting prompts the girl to gasp and whip her head from side to side, frantically looking for the source.

From there, the exchange takes a dark turn.

The voice begins shouting the n-word at Alyssa, who is becoming increasingly confused.

“Go tell Mommy you’re a n-----,” the voice commands Alyssa, who is white.

“Who is that?” Alyssa can be heard asking.

The voice responds: “I’m your best friend. You can do whatever you want right now. You can mess up your room. You can break your TV.”

The young girl repeats her question, sounding distressed. At one point, she screams, “Mommy!”

“I’m your best friend. I’m Santa Claus,” the voice says, later adding, “Don’t you want to be my best friend?”

The conversation ends when Alyssa says, “I don’t know who you are,” and walks out of the room. The camera’s microphone picks up audio of Alyssa telling her father what happened.

“Someone’s being weird upstairs,” she says.

LeMay said her husband immediately texted her and unplugged the cameras. The worst part of watching the video was seeing her daughter call out for her, she said.

“That was the most chilling part to me,” LeMay said. “She’s asking for my help and there’s literally nothing I could do to protect her in that moment.”

Although LeMay said she contacted Ring right after the frightening incident, the family had plans to leave for a cruise the next morning, and she had to wait until they returned earlier this week to start seeking answers.

The company’s responses, she said, left her frustrated. Instead of answering her questions about whether the hack was done locally or by someone far away, LeMay said, a Ring representative repeatedly brought up how she didn’t set up two-factor authentication as an added security measure.

“The fact that they’re just continuing to give customers the same blanket statement, it’s like they don’t seem concerned at all,” she said. “To be honest, it felt like they were trying to place the blame on me. As a mother, I already feel guilty enough that I let this happen to my family. … There’s just no need for that.”

Meanwhile, Ring users elsewhere were also being hacked. Over the weekend, a family in Cape Coral, Fla., said a man started talking to them through their camera and making racist comments about their son, asking, “Is your kid a baboon, like the monkey?” WBBH   reported . On Monday, the same thing happened to a woman in Atlanta, who was   screamed at while in bed , as well as a couple in Grand Prairie, Tex., who say they were   threatened   with a ransom demand.

But LeMay said her family’s experience differs from the others.

“What’s so scary to us is that this person did not care that it was a young child,” she said, adding: “Whoever this was, they did not stop until we unplugged the cameras. He just would not stop.”

Now, Alyssa and her sisters are afraid to sleep in their bedroom. For the past few days, the girls have been camped out in the living room, LeMay said.

“This is our first house,” the mother said. “It’s really sad to not feel safe.”

Video at link.


jrDiscussion - desc
smarty_function_ntUser_is_admin: user_id parameter required
Find text within the comments Find 
2  seeder  Ender    one month ago

Some sick people out there.

Of course the company is not taking responsibility.

2.1  JaneDoe  replied to  Ender @2    one month ago

There are sick people out there! Poor little thing. That freak could have been watching that little girl changing clothes etc... This probably sounds strange but it’s almost a good thing that he spoke, if not, he could have just kept on watching. 

2.1.1  seeder  Ender  replied to  JaneDoe @2.1    one month ago

True. They unplugged it. Had he not spoke, who knows how long it could have continued.

2.1.2  Kavika   replied to  JaneDoe @2.1    one month ago

Good point Jane. 

Greg Jones
2.2  Greg Jones  replied to  Ender @2    one month ago

How is the company responsible? Many customers are not security savvy, or simply don't take their privacy seriously.

Any wireless (Wi-Fi) connection is fairly easily hacked unless it is set up correctly. The first thing I did with my new home computer modem was to disable the Wi-Fi function.

2.2.1  seeder  Ender  replied to  Greg Jones @2.2    one month ago

A lot of people can't do that. A family with phones and several devices, it is not practical to go without wifi.

The company is selling the device and just saying, good luck.

2.2.2  WallyW  replied to  Ender @2.2.1    one month ago

So there no reason for the user to take personal responsibility to follow the setup instructions? jrSmiley_78_smiley_image.gif

2.2.3  seeder  Ender  replied to  WallyW @2.2.2    one month ago

I know you all think any corporation is beyond reproach so I will not get into that.

2.2.4  Ozzwald  replied to  Ender @2.2.3    one month ago
I know you all think any corporation is beyond reproach so I will not get into that.

It's not that Ring is beyond reproach, but they have given their customers the tools to prevent this from happening.  They may need to take more steps to educate the customer on proper setup and security configuration, but you cannot expect them to hand hold the customer and help them cross the street.

I have 2 Rings at my house and feel confident that no one can access them outside of my family and the Ring company.  "Hackers" are not like they are portrayed on television, they cannot access your system if you have taken simple steps by changing all the default passwords.  For that matter, why would they bother to put that much effort into it?  Unless you are wealthy or famous, what are they going to get out of it?

This case is mostly likely some asshole that got into an unsecured WiFi connection and decided to fuck around with them.  He should be found and locked up, but the Ring owner needs to take some responsibility.  If it is securely configured but still "hacked" (i.e. an unscrupulous Ring employee, xfinity employee, etc.) that would be a different case entirely.

2.2.5  seeder  Ender  replied to  Ozzwald @2.2.4    one month ago

Eh, the best way for change is to hit the bottom line. I don't trust Amazon for a variety of reasons, one of them being selling fake/inferior products.

My BIL has had cameras for years. There are better options.

2.2.6  WallyW  replied to  Ender @2.2.5    one month ago

Amazon doesn't make them, simply one of several sellers

2.2.7  Ozzwald  replied to  WallyW @2.2.6    one month ago

Amazon doesn't make them, simply one of several sellers

We agree........  My world has just turned upside down.


2.3  XDm9mm  replied to  Ender @2    one month ago
Some sick people out there.

I completely concur.  But that is no different than it ever has been or ever will be.  The only difference today is the plethora of avenues available to sate the sick mind.

Of course the company is not taking responsibility.

The company actually has no responsibility.  They manufactured a product with user instructions.  They cannot be held responsible for the user not adhering to those instructions or for the ability of other nefarious people to take advantage of the current level of technology.

For example, how many people, I'll submit many right here on NT, have taken the time to access the security settings of the carrier installed router for their home 'wifi' connect-ability?  Very likely not many.  They abdicate THEIR security to others as they're too lazy to assume any responsibility themselves.   Hell, when "Spectrum" installed the "modem" (actually the incorrect term for the coax adapter they installed) the "tech" assured me that the security settings were modified from factory specs and "NO ONE OTHER THAN YOU WILL HAVE ACCESS TO THE SERVICE"....   Yeah right.   The Admin user name was left as factory "ADMIN" and the password was, drum roll please....   ADMIN...  (Similar to John Podesta having his "password" as PASSWORD!!!)

Needless to say, my Admin username was immediately changed by me and my Admin password is quite different and sufficiently difficult enough to remember that I had to right it down as it's not something I regularly use.

Don't expect a consumer product to protect you...   that's your responsibility and your responsibility alone.

2.3.1  seeder  Ender  replied to  XDm9mm @2.3    one month ago

I set my wifi security when I got it. Like you I had to write it down somewhere.

Someone stealing wifi is not the same as turning on a camera to spy on kids.

There are quite a few people that had this happen.

2.3.2  XDm9mm  replied to  Ender @2.3.1    one month ago
Someone stealing wifi is not the same as turning on a camera to spy on kids. There are quite a few people that had this happen.

When you put "wireless" products in your home, you're inviting in anyone with a sniffer.

Years back, I had the pleasure of riding with an individual that would just randomly roam neighborhoods while he 'sniffed' for unsecured networks.  He found numerous and left them messages on what he had access to...  (he didn't look but could have) and how they could correct the problems themselves, or several companies that could help them with securing their networks.

How do you think those cameras communicate?  Unless you're operating a network using infrared point to point networks, or ethernet or some other form of wired network, they're wireless and invariably wifi (so people can access them remotely).

2.3.3  TᵢG  replied to  XDm9mm @2.3.2    one month ago
When you put "wireless" products in your home, you're inviting in anyone with a sniffer.

Much worse is when we put products that communicate over the Internet.   At the point the vulnerability extends beyond the wireless range (our home) into the entire connected world (the entire planet).

2.3.4  XDm9mm  replied to  TᵢG @2.3.3    one month ago
Much worse is when we put products that communicate over the Internet.

Well noted.

Personally, I'm not overly concerned as for the most part everything I have is hard wired with limited "wifi" access.   And anything that does 'touch' the outside world is actually double encrypted.  My operating system is encrypted and needs to be unlocked before I even get to the program files encryption program.

2.3.5  TᵢG  replied to  XDm9mm @2.3.4    one month ago

I agree that it is possible to be largely secure, but I suspect most users are unaware of the liabilities and do not take even basic precautions.

3  Kavika     one month ago

What a very sick person. How horrible for the child and the parents. 

The kids will never feel safe in their own home again.

According to the article, this is not a one-off incident. They are others being reported. 


3.1  seeder  Ender  replied to  Kavika @3    one month ago

Sad. Poor girl, it was like the beginning of a horror movie.

Now they won't sleep in their bedroom.

3.2  JaneDoe  replied to  Kavika @3    one month ago

I remember a while back there were problems like this with some baby monitors too. To think that people would spend their time harassing and spying on kids, or anyone, is just messed up beyond belief! 

Paula Bartholomew
4  Paula Bartholomew    one month ago

Hopefully experts can find this freak and lock him up for many years.

5  TᵢG    one month ago

Our lives will increasingly become available to hackers.   It is not realistic to just not use technology.   What can be done, however, is to use sensible credentials.   Use different passwords and accounts and whenever possible use 2-factor authentication (where a code is sent to your phone that you must then supply to gain access).

Sickening, is it not, that there are so many assholes out there using their computer talents to cause harm?

5.1  seeder  Ender  replied to  TᵢG @5    one month ago

I fear it is only going to get worse. With the tech that can control thermostats, lights, etc.

Even door locks. Someone could just hack in and unlock a door.

5.1.1  TᵢG  replied to  Ender @5.1    one month ago

It will get worse.   Our best approach is to use effective credentials and processes.


Who is online


31 visitors