Ring doorbell security has been a source of controversy for some time, but the company finally appears to be taking privacy issues seriously. It is now supporting end-to-end encryption of video footage for wireless as well as wired products.
The change will finally address security flaws which have been highlighted as far back as 2019 …
Video footage from Ring security cameras is stored on cloud services. These videos were unencrypted, letting staff access live and recorded feeds from customer cameras around the world. Reportedly, the only information needed to gain access was a customer’s email address.
According to The Intercept, Ring’s engineers and executives have “highly privileged access” to live camera feeds from customers’ devices. This includes both doorbells facing the outside world, as well as cameras inside a person’s home. A team tasked with annotating video to aid in object recognition captured “people kissing, firing guns, and stealing.” [Update: According to Ring, annotation is only conducted on “publicly shared Ring videos.”]
U.S. employees specifically had access to a video portal intended for technical support that reportedly allowed “unfiltered, round-the-clock live feeds from some customer cameras.” What’s surprising is how this support tool was apparently not restricted to only employees that dealt with customers […]
The Intercept notes that only a Ring customer’s email address was required to access any live feed […]
Meanwhile, a second group of Ring employees working on R&D in Ukraine had access to a folder housing “every video created by every Ring camera around the world.” What’s more, these employees had a “corresponding database that linked each specific video file to corresponding specific Ring customers.”
Amazon, which acquired Ring back in 2018, subsequently fired employees who abused this access.
This wasn’t the end of it, however. Concerns were also raised when police were able to privately contact Ring doorbell owners to request access to video footage.
Such usage has proven controversial, with concerns raised that footage may include uninvolved passersby. Video of them may then end up being held indefinitely on police systems.
Amazon updated its processes so that, in future, such requests would have to be public.
Ring doorbell security boost
Ring did offer the option of end-to-end encryption for its wired doorbells, but not for wireless ones. The Verge reports that this has now changed.
Ring is now offering end-to-end encryption of video and audio on its battery-powered video doorbells and security cameras, over a year after it added the option to its hardwired and plug-in devices. End-to-end encryption lets users of the company’s video cameras keep their footage locked down, making it accessible only on their enrolled iOS or Android device. Separately, Ring is also making it easier to save recorded videos when an owner sells or disposes of a Ring device
With end-to-end encryption enabled, no one but the camera’s owner can access recorded footage. Even if law enforcement asked Ring, or its parent company Amazon, for the video, they couldn’t provide it. Only the enrolled mobile device can unlock the video.
End-to-end encryption comes with drawbacks
End-to-end encryption is an optional setting, and the site points out that you should first make sure you’re aware of the downsides.
With end-to-end encryption turned on, users lose the ability to preview videos on the Ring app’s Event Timeline view and in rich notifications that show a snapshot of action in notification before opening the app.
Also, shared users of Ring devices can’t see videos on their devices, and no user can share videos from the Ring app or view footage on Echo Show devices or any third-party apps. End-to-end encryption also disables Alexa Greetings and Quick Replies – where a Ring video doorbell can automatically respond to a visitor. Bird’s Eye View also won’t work – an option on some Ring cameras that shows the path a visitor has taken to the doorbell or camera.