In late 2019, there was a string of alarming incidents in which hackers gained unauthorized access to Ring security cameras. These activities invaded the homeowners’ privacy. Residents endured verbal harassment from strangers through the cameras’ speakers. Some of the victims were children.
One of the victims of these alleged attacks filed a class-action lawsuit against the smart-doorbell manufacturer Ring and parent company Amazon. The suit alleges that both companies failed in their responsibility to safeguard the devices. According to Engadget, Ring responded to the customer’s initial complaint by informing him that there was no evidence of an attack on the firm’s infrastructure. Rather, the company claims that the cameras were vulnerable because end-users did not take adequate precautions. Ring suggests that enabling two-factor authentication or using a stronger password should resolve the problem.
The lawsuit is still pending. Customers will have to wait and see whether the court will hold Ring and/or Amazon liable for the breaches. However, Motherboard Tech by Vice suggests that the companies may have been disingenuous in disavowing any responsibility for the hacking incidents. Reporters conducted an experiment to see how easy it was for people with unauthorized access to a user’s email address and password to access the cameras.
They found that Ring cameras do not employ basic security measures available across a range of online services. For example, there is no way to check how many users have logged in at one time. There is also no communication from the company to double-check the legitimacy of a log-in from an unfamiliar IP address.
Ironically, families install these devices in their homes for protection. Customers must await the outcome of the lawsuit to see whether the court will compel the companies to provide more complete security.