If you've got a Ring doorbell or security camera, it's possible the company's employees could access your security feeds, even if you had a strong password. The company's lax attitude to encryption and access has been revealed.
Ring was acquired by Amazon last year for a lazy US$1B with the company's mission to combat neighbourhood crime a key part of that deal.
Sources told The Intercept that Ring's Ukraine-based R&D team had access to pretty much anyone's security feed. As long as they had your email address, they could look in on your account and watch your camera feeds live without your knowledge or consent.
To take matters worse, video files were unencrypted as Ring's bosses thought encryption would make the company less valuable because of the costs and that limiting access could reduce future revenues. And that access wasn't limited to the Ukraine-based support and research teams. Execs in the US has high-level "god-mode" access as well.
What's the lesson for us here?
I said last year that trust is the most important tech story of our time. I've got a pair of Ring devices - a Doorbell 2 and Spotlight Cam. Both are fine devices but I'm glad they're outside my house, pointing to the driveway and front yard. With this revelation about Ring, I'm not keen to install one of its in-house products - although I did test the Nest Cam IQ.
The smart home revolution is well and truly upon us. And while much of the focus is on whether Google, Amazon, Apple or someone else will deliver the standard most people will use, the real story will boil down to which platform people will trust.
Amazon took a battering over issues with Alexa audio landing in the wrong hands last year. This news about lax security practices with the Ring is not helping its cause.
Following original publication of this article, Ring responded and provided the following:
We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbours app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilise their videos for such purposes. Ring employees do not have access to livestreams from Ring products.
We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behaviour, we will take swift action against them.