Amazon’s Ring may not be all that secure

Five U.S. Senators are demanding that Amazon disclose how it is securing Ring home-security device footage – and who is allowed to access that footage.

The demands come on the heels of several security vulnerabilities and privacy-related incidents surrounding Amazon-owned Ring devices.

“Ring devices routinely upload data, including video recordings, to Amazon’s servers,” the senators wrote, Wednesday. “Amazon therefore holds a vast amount of deeply sensitive data and video footage detailing the lives of millions of Americans in and near their homes.

Last week, researchers discovered a (now-fixed) vulnerability in Ring doorbells that left Wi-Fi network passwords exposed. Previous vulnerabilities have been discovered over the past year, including a flaw reported in February that could allow an attacker to spy on families’ video and audio footage.

separate report earlier this year alleged that Ring employees in Ukraine were provided with “virtually unfettered access” to a folder containing every video created by every Ring camera globally, and that some U.S. Ring executives and engineers were given “highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras.”

Other reports have drawn privacy concerns about the video footage collected by Ring doorbells. Ring has acknowledged that it’s partnering with more than 600 police departments across the country to allow them to request access to camera footage from camera owners, drawing concern from privacy and consumer advocacy groups.

Amazon said that it does not require law enforcement to delete materials shared through a video request after a certain period of time. Furthermore, if videos are downloaded by law enforcement, they may become public records, Amazon said.

“Amazon plays on people’s fears to sell them surveillance products, and then turns around and puts them and their neighbors in danger,” said Evan Greer, deputy director of digital rights advocacy group Fight for the Future, in an email. “Through consumer products like Ring, Amazon is collecting footage and all the data needed to build a nationwide surveillance network. They leverage government relationships to promote their own products, gain consumer trust and secure their position in the market. This is an unprecedented assault on our security, constitutionally protected rights, and communities. Amazon’s admissions to Senator Markey show that we need an immediate full scale Congressional investigation into this tech titan’s surveillance practices.”

According to reports, Ring has also applied for a “facial recognition patent” and employees a “head of facial recognition research.” Senators asked Amazon to describe its plans regarding facial recognition for Ring devices – including Amazon’s own platform, Rekognition.

Full article here

Posted in Exploit, Tip.