Amazon’s Ring Security Camera

From Privacy Wiki
Jump to navigation Jump to search
Amazon’s Ring Security Camera
Short Title Amazon’s Ring Security Camera Was Found to Have Security Vulnerabilities
Location Global
Date 2020

Solove Harm Insecurity, Secondary Use
Information Identifying, Physical Characteristics, Computer Device, Contact
Threat Actors Amazon

Individuals
Affected Users of Ring security cameras
High Risk Groups
Tangible Harms

The data of users of Amazon’s Ring security cameras were found to be not protected enough. Employees had access to customers’ videos, and hackers were able to hijack the cameras of multiple families.

Description

Ring Inc. is a company owned by Amazon that is specialized in home security and that produces an internet-connected doorbell camera to let users watch live videos of their homes through an app. The app requires registration with email and a password.

In 2020 Ring camera was found to have paradoxically low-security standards concerning users' data. It appeared that employees of the company had access to customers’ videos. Insecurity The company had to fire 4 employees over a few years for watching customers’ videos. Another Insecurity example is that in December 2019 hackers were able to hijack the Ring cameras of multiple families, using the devices’ speakers to verbally assault some of them.

In reaction to that in 2020 Ring announced new security protocols, such as mandating two-factor verification to log into one’s account to access the footage.

Another violation that was identified is Secondary Use, as researches found hidden code, that was using invisible trackers to send users’ data to third-party marketing and analytics firms.

When the issue was addressed, the company reacted, that they were “temporarily pausing the use of most third-party analytics services in the Ring apps and website” and working on tools for people to opt-out of this type of data sharing.