Ring: Difference between revisions - Consumer Rights Wiki

Line 9:

'''Ring''' is a manufacturer of home security and smart home devices owned by [[Amazon]], the company was acquired as a subsidiary in 2018.<ref>https://techcrunch.com/2018/04/12/amazon-officially-owns-ring-so-lets-talk-product-integration/</ref>

==Vulnerabilities==

''The following section was sourced from https://en.wikipedia.org/wiki/Ring_(company)#Vulnerabilities''

In January 2019, it was uncovered that employees at Ring's two offices had access to the video recordings from all Ring devices.<ref>{{Cite news|last=Wiggers|first=Kyle|date=January 10, 2019|title=Ring employees reportedly had access to all live and recorded customer videos|work=VentureBeat|url=https://venturebeat.com/2019/01/10/ring-employees-reportedly-had-access-to-all-live-and-recorded-customer-videos/|access-date=January 12, 2019}}</ref> In addition, ''The Intercept'' reported that the video data was stored unencrypted.<ref>{{Cite news|last=Biddle|first=Sam|date=January 10, 2018|title=For Owners of Amazon's Ring Security Cameras, Strangers May Have Been Watching Too|work=The Intercept|url=https://theintercept.com/2019/01/10/amazon-ring-security-camera/|access-date=January 12, 2018}}</ref> In a December 2019 test, ''Motherboard'' found that Ring's software did not implement security features such as recognizing unknown IP addresses or providing a display of active login sessions, allowing the publication to access a Ring account from IP addresses based in multiple countries without warning the user.<ref>{{cite web|first1=Joseph|last1=Cox|access-date=February 20, 2020|title=We Tested Ring's Security. It's Awful|url=https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security|date=December 17, 2019|website=Vice}}</ref>

The Neighbors network leaks metadata about the footage posted in videos and "crime alerts". This metadata, combined with public city map data, is frequently sufficient to discover the exact location of the Ring doorbell or a camera. In one experiment, ''Gizmodo'' located 20,000 devices based on information collected (scraped from the app) over a period of month. University researchers were able to locate 440,000 devices using data spanning back to 2016.<ref>{{Cite web|title=Ring's Hidden Data Let Us Map Amazon's Sprawling Home Surveillance Network|url=https://gizmodo.com/ring-s-hidden-data-let-us-map-amazons-sprawling-home-su-1840312279|access-date=November 27, 2020|website=Gizmodo|date=December 9, 2019|language=en-us}}</ref>

Cybersecurity firm Bitdefender identified a vulnerability in the Ring Video Doorbell Pro product in July 2019, which was patched before being publicly disclosed in November 2019.<ref>{{cite web|last1=Palmer|first1=Danny|date=November 7, 2019|title=Amazon fixes Ring Video Doorbell wi-fi security vulnerability|url=https://www.zdnet.com/article/amazon-fixes-ring-video-doorbell-wi-fi-security-vulnerability/|access-date=December 13, 2019|website=ZDNet}}</ref><ref>{{cite web|last1=Ng|first1=Alfred|date=November 7, 2019|title=Ring doorbells had vulnerability leaking Wi-Fi login info, researchers find|url=https://www.cnet.com/news/ring-doorbells-had-vulnerability-leaking-wi-fi-login-info-researchers-found/|access-date=December 13, 2019|website=CNET}}</ref><ref>{{cite web|date=November 7, 2019|title=Ring Video Doorbell Pro Under the Scope|url=https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf|access-date=December 13, 2019|website=Bitdefender}}</ref> Hackers accessed a number of Ring cameras in December 2019 and used the device speakers to broadcast racial slurs, threats, and other inflammatory language to multiple households across the United States.<ref name="Vice podcast">{{cite web|last1=Cox|first1=Joseph|last2=Koebler|first2=Jason|date=December 12, 2019|title=Inside the Podcast that Hacks Ring Camera Owners Live on Air|url=https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast|access-date=December 12, 2019|website=Vice}}</ref><ref>{{cite web|last1=Murdock|first1=Jason|date=December 10, 2019|title=Ring camera hacker uses home security system to spew racial slurs at Florida family|url=https://www.newsweek.com/florida-cape-coral-amazon-ring-home-security-system-hacked-racial-slurs-1476430|access-date=December 12, 2019|website=Newsweek}}</ref><ref>{{cite web|last=Howerton|first=Matt|date=December 11, 2019|title=Hacker says, 'pay bitcoin ransom or get terminated,' through couple's Ring security cameras|url=https://www.wfaa.com/article/news/hacker-says-pay-bitcoin-ransom-or-get-terminated-through-couples-ring-security-cameras/287-226c535c-c765-4b29-91b6-d849fb315e94|access-date=December 12, 2019|website=WFAA}}</ref> A ''Motherboard'' investigation discovered crime forums that distributed software exploits of Ring devices that were used in the cyberattacks, and that members of the hacking forum Nulled had been recording their breaches as "podcasts".<ref>{{cite web|last1=Cox|first1=Joseph|last2=Cole|first2=Samantha|date=December 11, 2019|title=How Hackers Are Breaking Into Ring Cameras|url=https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras|access-date=December 12, 2019|website=Vice}}</ref> Ring responded to the incidents by advising its users to have strong passwords, enable two-factor authentication, and adopt other security measures.<ref>{{cite web|last1=Holley|first1=Jessica|title=Family says hackers accessed a Ring camera in their 8-year-old daughter's room|url=https://www.wmcactionnews5.com/2019/12/11/family-says-hackers-accessed-ring-camera-their-year-old-daughters-room/|access-date=December 12, 2019|website=WMC Action News 5|date=December 12, 2019}}</ref> Ring mandated two-factor authentication for all users on February 18, 2020.<ref>{{cite web|date=February 19, 2020|title=Ring makes two-step verification mandatory|url=https://www.bbc.com/news/technology-51555450|access-date=February 20, 2020|website=BBC News}}</ref><ref>{{cite web|last=Song|first=Victoria|date=February 18, 2020|title=Ring Finally Rolls Out Mandatory Two-Factor Authentication After Privacy Scandals|url=https://gizmodo.com/ring-finally-rolls-out-mandatory-two-factor-authenticat-1841760958|access-date=February 20, 2020|website=Gizmodo}}</ref>

==Controversies==

@@ Line 9: / Line 9: @@
 '''Ring''' is a manufacturer of home security and smart home devices owned by [[Amazon]], the company was acquired as a subsidiary in 2018.<ref>https://techcrunch.com/2018/04/12/amazon-officially-owns-ring-so-lets-talk-product-integration/</ref>
+==Vulnerabilities==
+''The following section was sourced from https://en.wikipedia.org/wiki/Ring_(company)#Vulnerabilities''
+In January 2019, it was uncovered that employees at Ring's two offices had access to the video recordings from all Ring devices.<ref>{{Cite news|last=Wiggers|first=Kyle|date=January 10, 2019|title=Ring employees reportedly had access to all live and recorded customer videos|work=VentureBeat|url=https://venturebeat.com/2019/01/10/ring-employees-reportedly-had-access-to-all-live-and-recorded-customer-videos/|access-date=January 12, 2019}}</ref> In addition, ''The Intercept'' reported that the video data was stored unencrypted.<ref>{{Cite news|last=Biddle|first=Sam|date=January 10, 2018|title=For Owners of Amazon's Ring Security Cameras, Strangers May Have Been Watching Too|work=The Intercept|url=https://theintercept.com/2019/01/10/amazon-ring-security-camera/|access-date=January 12, 2018}}</ref> In a December 2019 test, ''Motherboard'' found that Ring's software did not implement security features such as recognizing unknown IP addresses or providing a display of active login sessions, allowing the publication to access a Ring account from IP addresses based in multiple countries without warning the user.<ref>{{cite web|first1=Joseph|last1=Cox|access-date=February 20, 2020|title=We Tested Ring's Security. It's Awful|url=https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security|date=December 17, 2019|website=Vice}}</ref>
+The Neighbors network leaks metadata about the footage posted in videos and "crime alerts". This metadata, combined with public city map data, is frequently sufficient to discover the exact location of the Ring doorbell or a camera. In one experiment, ''Gizmodo'' located 20,000 devices based on information collected (scraped from the app) over a period of month. University researchers were able to locate 440,000 devices using data spanning back to 2016.<ref>{{Cite web|title=Ring's Hidden Data Let Us Map Amazon's Sprawling Home Surveillance Network|url=https://gizmodo.com/ring-s-hidden-data-let-us-map-amazons-sprawling-home-su-1840312279|access-date=November 27, 2020|website=Gizmodo|date=December 9, 2019|language=en-us}}</ref>
+Cybersecurity firm Bitdefender identified a vulnerability in the Ring Video Doorbell Pro product in July 2019, which was patched before being publicly disclosed in November 2019.<ref>{{cite web|last1=Palmer|first1=Danny|date=November 7, 2019|title=Amazon fixes Ring Video Doorbell wi-fi security vulnerability|url=https://www.zdnet.com/article/amazon-fixes-ring-video-doorbell-wi-fi-security-vulnerability/|access-date=December 13, 2019|website=ZDNet}}</ref><ref>{{cite web|last1=Ng|first1=Alfred|date=November 7, 2019|title=Ring doorbells had vulnerability leaking Wi-Fi login info, researchers find|url=https://www.cnet.com/news/ring-doorbells-had-vulnerability-leaking-wi-fi-login-info-researchers-found/|access-date=December 13, 2019|website=CNET}}</ref><ref>{{cite web|date=November 7, 2019|title=Ring Video Doorbell Pro Under the Scope|url=https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf|access-date=December 13, 2019|website=Bitdefender}}</ref> Hackers accessed a number of Ring cameras in December 2019 and used the device speakers to broadcast racial slurs, threats, and other inflammatory language to multiple households across the United States.<ref name="Vice podcast">{{cite web|last1=Cox|first1=Joseph|last2=Koebler|first2=Jason|date=December 12, 2019|title=Inside the Podcast that Hacks Ring Camera Owners Live on Air|url=https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast|access-date=December 12, 2019|website=Vice}}</ref><ref>{{cite web|last1=Murdock|first1=Jason|date=December 10, 2019|title=Ring camera hacker uses home security system to spew racial slurs at Florida family|url=https://www.newsweek.com/florida-cape-coral-amazon-ring-home-security-system-hacked-racial-slurs-1476430|access-date=December 12, 2019|website=Newsweek}}</ref><ref>{{cite web|last=Howerton|first=Matt|date=December 11, 2019|title=Hacker says, 'pay bitcoin ransom or get terminated,' through couple's Ring security cameras|url=https://www.wfaa.com/article/news/hacker-says-pay-bitcoin-ransom-or-get-terminated-through-couples-ring-security-cameras/287-226c535c-c765-4b29-91b6-d849fb315e94|access-date=December 12, 2019|website=WFAA}}</ref> A ''Motherboard'' investigation discovered crime forums that distributed software exploits of Ring devices that were used in the cyberattacks, and that members of the hacking forum Nulled had been recording their breaches as "podcasts".<ref>{{cite web|last1=Cox|first1=Joseph|last2=Cole|first2=Samantha|date=December 11, 2019|title=How Hackers Are Breaking Into Ring Cameras|url=https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras|access-date=December 12, 2019|website=Vice}}</ref> Ring responded to the incidents by advising its users to have strong passwords, enable two-factor authentication, and adopt other security measures.<ref>{{cite web|last1=Holley|first1=Jessica|title=Family says hackers accessed a Ring camera in their 8-year-old daughter's room|url=https://www.wmcactionnews5.com/2019/12/11/family-says-hackers-accessed-ring-camera-their-year-old-daughters-room/|access-date=December 12, 2019|website=WMC Action News 5|date=December 12, 2019}}</ref> Ring mandated two-factor authentication for all users on February 18, 2020.<ref>{{cite web|date=February 19, 2020|title=Ring makes two-step verification mandatory|url=https://www.bbc.com/news/technology-51555450|access-date=February 20, 2020|website=BBC News}}</ref><ref>{{cite web|last=Song|first=Victoria|date=February 18, 2020|title=Ring Finally Rolls Out Mandatory Two-Factor Authentication After Privacy Scandals|url=https://gizmodo.com/ring-finally-rolls-out-mandatory-two-factor-authenticat-1841760958|access-date=February 20, 2020|website=Gizmodo}}</ref>
 ==Controversies==