Hackers have cracked several Amazon Ring devices over the past few weeks, raising some serious security concerns. A string of security breaches and information leaks have plagued the home products right before the peak of the holiday season. This month alone, over a thousand Ring users’ home addresses were found on popular dark-web sites, and a man had a full conversation with a girl through a camera installed in her bedroom.
Ring is a series of home security products that are currently available on Amazon despite the glaring issues. Among them are wifi-enabled electronic doorbells with cameras, alarms, and sensors to warn against water damage. All of these devices can be interacted with from any device that can host the Ring application. Ring messaged users that they have looked into the issue, but no action has been taken. “We have investigated this incident and have no evidence of an unauthorized intrusion or compromise of Ring’s systems or networks,” Ring said in a blog post on their website.
Related: Amazon Is Planning Its Own Game Streaming Service for Next Year
While it’s good that the breaches aren’t a result of Ring’s infrastructure, the company isn't stepping up to implement any security enhancements, either. Instead, Ring instructs their users to activate two-step authentication (a process that experts advocate should be mandatory) and other generic security measures like not sharing passwords. Motherboard tested Ring’s security and reported that it was subpar at best. An anonymous member of a hacking forum said that requiring SMS verification whenever an account is accessed from unknown IP address could drastically increase security. Purchasing any of the Amazon Ring products might not be a good idea right now. While the risk of a security breach can be mitigated, it shouldn’t be expected for consumers to do more than the bare minimum. Though, if that’s not possible, two-step verification can be enabled via the Ring app. Aside from that, as Ring’s blogpost stated, there’s not much else to do apart from the usual security steps.
Being a device that needs to keep information safe, Ring has a simple password and email verification like many other online services. Email services like Gmail have simple login procedures, but also check IP addresses so that if a login is attempted from anywhere that’s not normal the account owner is notified. Amazon Ring has no such feature. Even Twitter has this simple function. There are other things, like limiting the number of users who can be connected at any time and recording login locations. Still, the bare minimum should be to ensure that users are aware of suspicious activity.
Ring's dismissive response sounds like it will be unlikely for them to make any adjustments to their current setup. So instead of purchasing an Amazon Ring this holiday season, you might want to try some of their competitors, like Google Nest or Arlo.
Source: Vice
from ScreenRant - Feed https://ift.tt/2rrhcX4
0 Comments