Dozens of people who say they were subjected to death threats, racial slurs, and blackmail after their in-home Ring smart cameras were hacked are suing the company over “horrific” invasions of privacy.
A new class action lawsuit, which combines a number of cases filed in recent years, alleges that lax security measures at Ring, which is owned by Amazon, allowed hackers to take over their devices. Ring provides home security in the form of smart cameras that are often installed on doorbells or inside people’s homes.
The suit against Ring builds on previous cases, joining together complaints filed by more than 30 people in 15 families who say their devices were hacked and used to harass them. In response to these attacks, Ring “blamed the victims, and offered inadequate responses and spurious explanations”, the suit alleges. The plaintiffs also claim the company has also failed to adequately update its security measures in the aftermath of such hacks.
The suit outlines examples of hackers taking over Ring cameras, screaming obscenities, demanding ransoms, and threatening murder and sexual assault.
One Ring user says he was asked through his camera as he watched TV one night, “What are you watching?” Another alleges his children were addressed by an unknown hacker through the device, who commented on their basketball play and encouraged them to approach the camera.
In one case, an older woman at an assisted living facility was allegedly told “tonight you die” and sexually harassed through the camera. Due to the distress caused by the hack she ultimately had to move back in with her family, feeling unsafe in the facility where she once lived.
Repeatedly, Ring blamed victims for not using sufficiently strong passwords, the suit claims. It says Ring should have required users to establish complicated passwords when setting up the devices and implement two-factor authentication, which adds a second layer of security using a second form of identification, such as a phone number.
However, as the lawsuit alleges, Ring was hacked in 2019 – meaning the stolen credentials from that breach may have been used to get into users’ cameras. That means the hacks that Ring has allegedly blamed on customers may have been caused by Ring itself. A spokesperson said the company did not comment on ongoing litigation.
The lawsuit also cites research from the Electronic Frontier Foundation and others that Ring violates user privacy by using a number of third-party trackers on its app.
The suit said that, at present, Ring “has not sufficiently improved its security practices or responded adequately to the ongoing threats its products pose to its customers”. Security and privacy experts have also criticized Ring’s response.
In addition to hacking concerns, Ring has faced increasing criticism for its growing surveillance partnership with police forces. Ring has now created law enforcement partnerships, which allow users to send footage and photos to police, in more than 1,300 cities.
“Ring’s surveillance-based business model is fundamentally incompatible with civil rights and democracy,” Greer said. “These devices, and the thinking behind them, should be melted down and never spoken of again.”