In December 2019, the media drew attention to the frequent hacks of smart devices Ring and Nest, during which attackers not only compromised the devices but also mocked their owners, broadcasting what was happening on the air and creating whole podcasts around it.
Most of these hacks were carried out using conventional dictionary attacks or credential stuffing. This term refers to situations when usernames and passwords are stolen from some sites and then used against others. That is, the attackers have a ready-made database of credentials (purchased on the darknet, collected independently, and so on) and try to use this data to log in to any sites and services.
As a result, in December it was discovered that the network sold collections of thousands of ready-to-use recorded data from Ring and Nest devices. Because of this, the developers of smart gadgets have been sharply criticized, as they obviously did not make sufficient efforts to protect user accounts and privacy.
However, the developers still took action. So, back in December last year, Ring tried to help users by adding system login notifications that were sent to users every time they logged in to their account. A month later, in January 2020, Ring also had a new section in the control center, where users could see all the devices connected to their accounts and forcefully disconnect those that were suspicious and could be used by hackers.
Unfortunately, these measures were clearly not enough, so soon two-factor authentication (2FA) will become mandatory for all Ring users. Unlike the first two functions, 2FA is an active rather than a passive defense that allows users to react to what happened only after hacking. The new rule has already entered into force, and the next time you log into your account, all users will be asked to select the 2FA method (email or SMS).