MADISON (WKOW) — Does it ever feel like someone’s watching you?
It’s a chilling reality happening to people across the country — strangers looking in on them through their home security cameras.
Kyla Charles, a mother of three from Belleville, is one of the “millions” of people who use a smart security device.
“We use it every day,” said Charles, who owns a Ring Doorbell camera. “I like the convenience, especially being a stay-at-home mom, I know what’s going on outside.”
But, several of these smart home security cameras have been subject to hackers getting control of them from thousands of miles away.
In one example from December, a man harassed an 8-year-old Mississippi girl while she was in her bedroom.
“I’m Santa Claus. Don’t you want to be my best friend?” he says, prompting the girl to scream for her mother.
The video terrified her family and others, including Charles.
“Your stomach just drops,” Charles recalled when she saw the video online. “It’s terrifying to think that somebody could be looking in on your family, it’s just creepy.”
So, how is this happening?
Jack Koziol, an ethical hacker who runs a security firm called Infosec Institute says it all starts by clicking on a fake email that looks like it’s from a trusted online company.
Commonly known as a “phishing” scam, the email asks you to log into your account. Once you do that, your login and password is stolen and leaked to the dark web for hackers to find.
“Unfortunately, it’s way too easy,” said Koziol. “If you reuse your password for multiple accounts, hackers can just use that password and get right into your account.”
A security engineer with InfoSec, Cameron Bulanda, showed 27 News how simple it is to log into a smart security device using compromised credentials.
Bulanda was able to take control of the demo camera “within a matter of moments.”
But Koziol warns that hackers can wait weeks or months until they log into a camera and start using it.
“If you get an email from the vendor that says there’s a suspicious login or there’s suspicious activity…take that seriously,” said Koziol.
Koziol warns that while there has been no evidence that these security cameras have been compromised in these hacks, people should ask themselves important questions before buying these devices.
“You want to think about if someone gets into this camera, what’s the damage to my family? What could happen if someone captures this video?” said Koziol. “If I’m going to use one of these devices, I want to go and turn on all of the optional security features.”
Koziol recommends treating all of your passwords like “a toothbrush”.
“Change it often and don’t share it,” Koziol said.
He also recommends setting up two-factor authentication, which can require a user to enter a code that is sent in a text message.
Meanwhile, Charles says the recent hackings has made her think twice about how she secures herself on the web.
“It makes me feel cautious, it makes me think that I should proceed with doing additional steps to protect our home,” said Charles. “Maybe these companies should be doing more research to protect our families.”
In statements related to the recent hacks, both Ring and Nest insist they’ve found “no evidence” of an unauthorized intrusion or compromise of their systems or network and reminded customers to use multi-factor authentication.
For other cybersecurity tips to protect your family from hackers, visit InfoSec Institute’s website.