If you have a Ring Doorbell, you most likely have it because it gives you a sense of security, knowing that you can watch video and get pictures of people on your doorstep. But it turns out it’s not always as safe as it should be, though Amazon patched its latest vulnerability that would allow hackers access to your Ring and possibly even add fake photos into your feed.
Ring Doorbell Vulnerability
If you have a newer version of the app that goes along with the Ring doorbell, you’re set, as the company, owned by Amazon, has patched the app to solve the vulnerability. Those still running older versions of the app, however, could still be at risk.
Researchers from Dojo by BullGuard published a report of the vulnerability after finding that if a hacker is able to use the right techniques, they can access the incoming data packets. This would allow them to listen to the live feed, as it wasn’t effectively encrypted.
At worst, if the hacker had access to the user’s Wi-Fi, they could have inserted data into the feed for the Ring Doorbell before it reached the older version of the app. In at least one attack, the method used to insert data could insert doctored images so that the Ring user would be fooled and think it was safe to open the door.
This is not the first time vulnerabilities have been found in Ring devices. There were reports earlier this year that Ring was allowing their employees to watch videos recorded by users; however, Ring denied this news. It’s unknown if they encrypt the video footage or use other security measures to protect data, as they don’t publish that information.
Last May it was reported that the company allowed password changes and never signed users out after they were logged in once. A year before that, users found that their cameras were sending data to a Chinese serve that was being run by the Baidu search engine. It’s not known why, but Ring said earlier this month that it “was not a cause for concern; however, Ring updates its devices’ firmware regularly.”
Ring Not Respecting User Privacy
But with all these reports, it seems Ring doesn’t value user privacy much. It’s easy for them to see these data leaks aren’t of concern, but they don’t offer explanations, and it seems that it’s happening too often. It’s great that they patch these vulnerabilities, but what harm is being done in the meantime?
Ring doorbells are a security product. The reason anyone buys and installs the system is to keep their home secure, so that they can keep record of who’s on their doorstep. That the data is being sent through other servers, that you’re not signed out, and that someone could infiltrate your system to either listen in or send fake images is a big deal.
Perhaps, however, this is only being reported because Ring is such a titan in the industry. Maybe this isn’t so much a Ring problem but something throughout the security camera industry. If that’s the case, it should definitely be a buyer beware type of thing, and users should do research on what happens to their data before they purchase any security camera.
I know for myself, when I set up my camera, I chose to not host my video in the cloud and opted instead to use a a micro SD card to store it locally. However, the images and video are still sent from my camera to my device, so they are still being sent through some server. It’s up to me to find out how secure that system is.
Do you use a Ring doorbell? Are you worried about the vulnerabilities? Let us know in the comments below.