A security flaw is plaguing users of Ring's smart doorbell device. More specifically, it's the mobile app that's causing a potentially serious problem where users aren't being forced to sign-in after changing the password, regardless of how much time had passed since making the change.
Without forcing users to sign-in again, those who used to have access to the doorbell's video feed can still get access regardless of the password change. In one case, a person was found to have been watching their ex-partner's feed for months without the other person knowing.
Ring Doorbells Hit With Vulnerability
Ring said it started kicking people out in January upon learning about the incident, as The Information reports, but that window of opportunity still lasted several hours in a test by the publication.
Someone with a valid sign-in is not only able to watch the feed, but also download videos, which sounds downright creepy.
Amazon now has to deal with the flaw since it acquired the company in February. If it plans on using Ring smart home devices as part of its delivery services such as Amazon Key, it needs to know the devices are safe against security vulnerabilities and exploits like this, especially at a time where data privacy remains a hot-button topic for millions of people following Facebook's Cambridge Analytica fiasco.
Ring has issued a statement promising additional improvements and advising users to refrain from sharing login details as much as possible.
"We strongly recommend that customers never share their username or password. Instead, they should add family members and other users to their devices through Ring's "Shared Users" feature. This way, owners maintain control over who has access to their devices and can immediately remove users," said Ring, as Engadget reports.
Internet Of Things
Despite Ring's promises, the incident underscores the dangers inherent to Internet of Things devices. In August 2017, a firmware update bricked a number of smart locks from LockState, which stranded a lot of people inside their own homes or left them unable to enter it.
As the prevalence of smart home devices increasingly set the stage for a future where every component of the house belongs in an interconnected network, companies must be mindful about how fragile security and data privacy is. Vulnerabilities like this can ultimately leave users at risk, which is the exact opposite of what a "smart home" device is supposed to do.
Do you use a Ring doorbell? As always, feel free to sound off in the comments section below!