Amazon Ring App Found To Be (Again) Exposing User Locations, Home Addresses

from the fool-me-once dept

While Amazon Ring and other doorbells certainly deliver a certain convenience, they’ve created no shortage of entirely new problems. Problems that could have been avoided with just a bit of foresight and ethical behavior. First comes the fact they’re being integrated into our already accountability-optional law enforcement and intelligence apparatus. Then, like the rest of the “let’s connect everything to the internet but do a shit job on basic security and privacy because it costs money” IOT sector, they can’t be bothered to get the fundamentals right when it comes to consumer security.

The latest example involves Ring failing to adequately secure users information when they share to the Ring “Neighbors” portion of the Ring app. Journalists had already showcased how Ring’s security standards were hot garbage. And while Amazon has taken some steps to address those concerns (like making two-factor authentication mandatory), this week it was revealed that Ring?s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app:

“While users? posts are public, the app doesn?t display names or precise locations ? though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.”


The disclosure comes on the heels of a similar report from Gizmodo last year that found it wasn’t too difficult to ferret out hidden data allowing journalists (and anybody else) to map the location of Ring users nationwide:

“Examining the network traffic of the Neighbors app produced unexpected data, including hidden geographic coordinates that are connected to each post?latitude and longitude with up to six decimal points of precision, accurate enough to pinpoint roughly a square inch of ground.”

Neat! Ring’s already facing a class action lawsuit from users not particularly happy about receiving death threats and racist slurs after their Ring smart cameras were hacked.

Purportedly, Ring’s Neighborhood functionality is generally supposed to help communities band together and discuss potential security threats. Kind of a neighborhood watch for the modern era. More often, however, the functionality results in people engaging in paranoid hyperventilation about minorities or homeless people getting a skosh too close to the azaleas.

If you’re going to be earning additional billions from selling access to consumer residential cameras to intelligence and law enforcement every year, it seems like the very least you can do is invest a little bit more in taking consumer privacy and security seriously, even if “caring about consumers” and “selling their camera surveillance and location data to any nitwit with a nickel” operate somewhat discordantly.

Filed Under: , , ,
Companies: amazon, ring

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Amazon Ring App Found To Be (Again) Exposing User Locations, Home Addresses”

Subscribe: RSS Leave a comment
Anonymous Coward says:

If you’re going to be earning additional billions from selling access to consumer residential cameras to intelligence and law enforcement every year, it seems like the very least you can do is invest a little bit more in taking consumer privacy and security seriously,

It seems to me that selling access to intelligence and law enforcement means that they do not take privacy seriously. Given the attitude of US cops, being seen at a demonstration would be enough for the camera being used to monitor visitors to your house.

Anonymous Coward says:

and just like every other industry and company in the USA that is making a fortune from customer data, regardless of the risks to customers themselves, not a damn thing will be done to stop or change this! so much privacy and freedom have been lost, or more like, taken away from us in the last 20 years-ish. i’ll bet the Founding Fathers etc are turning in their graves! all the revolutions etc just to keep independant of the English influence, governing and rules dictating what could and couldn’t happen or be done and a couple of hundred years later we are implementing ourselves the very rules that were deplored. where’s the sense?

Ed (profile) says:

Facts instead of hyperbole

While it is pretty egregious that location data is still attached to video that is shared to the Neighbors app, participating and using that Neighbors app is entirely optional. I have three Ring cameras. I don’t participate or use the Neighbors app because I found it to be a nuisance. It is filled with idiots who are paranoid and racist (that’s not hyperbole). The cameras themselves, and the video, are encrypted and protected by 2FA and one-time-use security codes. Even Ring techs can’t view video without getting a one-time-use code from me. Videos are also not just handed over to law enforcement. That would require a valid subpoena and me turning over passwords to my account. The years-ago incident of so-called "hacking" wasn’t actually "hacking" of Ring but examples of malicious actors taking advantage of idiot users with account passwords like "password", or even their home wifi being totally open with no security or password.

So, I’m not concerned about these BS things that gets reported because I know my setup is safe because I’m not an idiot. My cameras work very well and are secure.

Anonymous Coward says:

Re: Facts instead of hyperbole

2FA only protects the remote login to your account, and not the videos that are stored online. Also, the one time use code is to enable someone else to login to your account, and has nothing to do with video encoding. Neither has a lot to do with preventing Amazon looking at, or enabling others to look at your videos.

Anonymous Coward says:

Re: Facts instead of hyperbole

By Ring on January 13, 2021
Last fall, we announced that Ring would be the first major smart home security provider to offer video End-to-End Encryption to customers. We’re excited to announce that starting today, video End-to-End Encryption is rolling out to all eligible Ring devices. The feature is launching as a technical preview, and customers can share feedback on the feature via the End-to-End Encryption page in Control Center within the Ring App.

Starting today in a ‘technical preview’ – January 13, 2021.

10-days in is a little early to declare E2E-encryption beta a success.

Also, no mention of a secure erase feature previously stored recordings.

The article was about location leaking metadata in their social sharing network. Think EXIF data not displayed in app, but not cleansed from the file/feed either.

None of that has anything to do with the article we are commenting on. We are both superfluous & hyperbolic to the topic at hand.

Anonymous Coward says:

Re: Ethical behavior?

100% agree.
And I mean this is great until everything we own becomes IOT crap. I can’t live without a cell phone, but it absolutely is an IOT device.

What really needs to happen is that these companies get a slap that makes them change their behavior. filing a lawsuit is very personally profitable, but isn’t going to change their business dynamics to make them alter their behaviors to at least make their shoddy IOT products more secure.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...