She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.
S E E D E D C O N T E N T
When Alyssa LeMay heard the strange music and sounds coming from her bedroom, she walked in expecting to find one of her sisters. But the room was empty.
Then, as the 8-year-old wandered around her room alone, the mysterious song abruptly stopped.
“Hello there,” a man’s voice said.
It wasn’t Alyssa’s father, who was elsewhere inside the family’s Mississippi home. The voice belonged to a stranger. And not only could the faceless man speak to the young girl — he could see her.
In a chilling exchange caught on video last week, the LeMays say the man was able to interact with their daughter after hacking into a Ring security camera that had recently been installed in the bedroom shared by Alyssa and her two younger sisters. Over the course of several minutes, the man repeatedly directed a racial slur at Alyssa and tried to persuade her to misbehave, according to a copy of the video obtained by The Washington Post.
The LeMays, however, aren’t the only people who have experienced this nightmare in recent weeks. Several Ring users nationwide have reported that their security systems were also infiltrated by hackers who harassed them through the camera’s two-way talk function . (Ring is an Amazon product. Amazon chief executive Jeff Bezos owns The Washington Post.)
A spokesperson for Ring told The Post in a statement early Thursday that what happened to the LeMays “is in no way related to a breach or compromise of Ring’s security.” The “bad actors” behind the attacks “often re-use credentials stolen or leaked from one service on other services,” the spokesperson said. Ring has addressed the other reports of hacking with similar statements.
“Customer trust is important to us and we take the security of our devices seriously,” the spokesperson said.
Trust was a major factor in Ashley LeMay’s decision to buy Ring cameras for her home. For two years, the 27-year-old mother of four said she talked herself out of getting indoor security cameras, citing potential privacy breaches as one of her concerns. That changed when she saw that a majority of people in her neighborhood in a small northern Mississippi town had outfitted their homes with Ring doorbells. LeMay’s friend, a fellow mother, also recommended the indoor camera to her.
“It seemed like nobody had ever had any issues with it,” she said. “Everybody seemed to go with that same brand, so it seemed like something that was trustworthy.”
For LeMay, who works overnight at a hospital as a laboratory scientist, the cameras not only gave her “peace of mind” but also helped her children feel safe.
“It’s really neat that you could talk to them,” she said. “When I would go into work, I’d be like, ‘Love you, good night.’ It just made them feel like I was close.”
On Dec. 4, that sense of security was shattered.
Shortly after 8 p.m., both cameras started live-streaming and the Tiny Tim cover of “Tiptoe Through the Tulips,” a song that famously appeared in a scene from the 2010 horror film “Insidious,” poured from the speakers, LeMay said. At the time, she was out running errands, but her husband was home with the children.
“I thought it was my sister because I hear music. It’s like, ‘Tiptoe to the window,’ ” she said. “So I come upstairs and I hear some banging noise, I was like, ‘Who is that?’ ”
In the video recorded by the camera, the overly cheerful song is playing as Alyssa walks into the empty bedroom. The hacker’s sudden greeting prompts the girl to gasp and whip her head from side to side, frantically looking for the source.
From there, the exchange takes a dark turn.
The voice begins shouting the n-word at Alyssa, who is becoming increasingly confused.
“Go tell Mommy you’re a n-----,” the voice commands Alyssa, who is white.
The voice responds: “I’m your best friend. You can do whatever you want right now. You can mess up your room. You can break your TV.”
The young girl repeats her question, sounding distressed. At one point, she screams, “Mommy!”
“I’m your best friend. I’m Santa Claus,” the voice says, later adding, “Don’t you want to be my best friend?”
The conversation ends when Alyssa says, “I don’t know who you are,” and walks out of the room. The camera’s microphone picks up audio of Alyssa telling her father what happened.
“Someone’s being weird upstairs,” she says.
LeMay said her husband immediately texted her and unplugged the cameras. The worst part of watching the video was seeing her daughter call out for her, she said.
Although LeMay said she contacted Ring right after the frightening incident, the family had plans to leave for a cruise the next morning, and she had to wait until they returned earlier this week to start seeking answers.
The company’s responses, she said, left her frustrated. Instead of answering her questions about whether the hack was done locally or by someone far away, LeMay said, a Ring representative repeatedly brought up how she didn’t set up two-factor authentication as an added security measure.
“The fact that they’re just continuing to give customers the same blanket statement, it’s like they don’t seem concerned at all,” she said. “To be honest, it felt like they were trying to place the blame on me. As a mother, I already feel guilty enough that I let this happen to my family. … There’s just no need for that.”
Meanwhile, Ring users elsewhere were also being hacked. Over the weekend, a family in Cape Coral, Fla., said a man started talking to them through their camera and making racist comments about their son, asking, “Is your kid a baboon, like the monkey?” WBBH reported . On Monday, the same thing happened to a woman in Atlanta, who was screamed at while in bed , as well as a couple in Grand Prairie, Tex., who say they were threatened with a ransom demand.
But LeMay said her family’s experience differs from the others.
“What’s so scary to us is that this person did not care that it was a young child,” she said, adding: “Whoever this was, they did not stop until we unplugged the cameras. He just would not stop.”
Now, Alyssa and her sisters are afraid to sleep in their bedroom. For the past few days, the girls have been camped out in the living room, LeMay said.
“This is our first house,” the mother said. “It’s really sad to not feel safe.”
Video at link.
Tags
Who is online
125 visitors
Video also at MSN site...
Some sick people out there.
Of course the company is not taking responsibility.
There are sick people out there! Poor little thing. That freak could have been watching that little girl changing clothes etc... This probably sounds strange but it’s almost a good thing that he spoke, if not, he could have just kept on watching.
True. They unplugged it. Had he not spoke, who knows how long it could have continued.
Good point Jane.
How is the company responsible? Many customers are not security savvy, or simply don't take their privacy seriously.
Any wireless (Wi-Fi) connection is fairly easily hacked unless it is set up correctly. The first thing I did with my new home computer modem was to disable the Wi-Fi function.
A lot of people can't do that. A family with phones and several devices, it is not practical to go without wifi.
The company is selling the device and just saying, good luck.
I know you all think any corporation is beyond reproach so I will not get into that.
It's not that Ring is beyond reproach, but they have given their customers the tools to prevent this from happening. They may need to take more steps to educate the customer on proper setup and security configuration, but you cannot expect them to hand hold the customer and help them cross the street.
I have 2 Rings at my house and feel confident that no one can access them outside of my family and the Ring company. "Hackers" are not like they are portrayed on television, they cannot access your system if you have taken simple steps by changing all the default passwords. For that matter, why would they bother to put that much effort into it? Unless you are wealthy or famous, what are they going to get out of it?
This case is mostly likely some asshole that got into an unsecured WiFi connection and decided to fuck around with them. He should be found and locked up, but the Ring owner needs to take some responsibility. If it is securely configured but still "hacked" (i.e. an unscrupulous Ring employee, xfinity employee, etc.) that would be a different case entirely.
Eh, the best way for change is to hit the bottom line. I don't trust Amazon for a variety of reasons, one of them being selling fake/inferior products.
My BIL has had cameras for years. There are better options.
We agree........ My world has just turned upside down.
What a very sick person. How horrible for the child and the parents.
The kids will never feel safe in their own home again.
According to the article, this is not a one-off incident. They are others being reported.
Sad. Poor girl, it was like the beginning of a horror movie.
Now they won't sleep in their bedroom.
I remember a while back there were problems like this with some baby monitors too. To think that people would spend their time harassing and spying on kids, or anyone, is just messed up beyond belief!
Hopefully experts can find this freak and lock him up for many years.
Our lives will increasingly become available to hackers. It is not realistic to just not use technology. What can be done, however, is to use sensible credentials. Use different passwords and accounts and whenever possible use 2-factor authentication (where a code is sent to your phone that you must then supply to gain access).
Sickening, is it not, that there are so many assholes out there using their computer talents to cause harm?
I fear it is only going to get worse. With the tech that can control thermostats, lights, etc.
Even door locks. Someone could just hack in and unlock a door.
It will get worse. Our best approach is to use effective credentials and processes.