Ring—which Amazon acquired in February—makes a smart doorbell that has a camera connected to Wi-Fi. And this Amazon doorbell has a security flaw that let a man harass his ex-boyfriend (via The Information).
Don’t Ring the Amazon Doorbell
Although Ring claims to have fixed the security flaw back in January, there are still problems. The software behind the doorbell lets users stay logged in on the app, even after the password has been changed.
That’s exactly what Jesus Echezarreta found out. After breaking up with his boyfriend, he changed the password on the Ring doorbell. But his ex was still logged in, downloaded video footage from the camera, and remotely rang the doorbell during the night.
Mr. Echezarreta contacted the company in January, around the time when the Ring app was updated. But Jamie Siminoff, CEO of Ring, told The Information that there are still problems. Users are now logged out when a password is changed and are required to log back in. But the logout doesn’t happen right away, and it could take up to an hour for a person to be logged out.
Cases like this are exactly why I stay away from so-called “smart” home devices. There is too much risk for my personal taste, and I really don’t mind getting off my butt to turn lights on or off (although I do see the usefulness of a security camera you can access with your phone).
A Ring spokesperson reached out to us with a statement:
Ring values the trust our neighbors place in us and we are committed to the highest level of customer information and data security.
We strongly recommend that customers never share their username or password. Instead, they should add family members and other users to their devices through Ring’s “Shared Users” feature. This way, owners maintain control over who has access to their devices and can immediately remove users.
Our team is taking additional steps to further improve the password change experience.
Which is pretty standard: Don’t share your login information with others. But that doesn’t help in Mr. Echezarreta’s situation. If you change a password, you should be automatically logged out everywhere you are logged in. But now Ring has changed its system so that will be the case going forward.
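To make the "up to an hour" window concrete, here is an added example (not Ring's code; the article does not say how Ring implements sessions). It binds each session to a per-user password version and shows how long a session opened before a password change keeps working, assuming the delay comes from the server reusing a cached validation verdict. All names and the caching model are hypothetical.

```python
import secrets

class SessionStore:
    """Toy server-side session store (hypothetical names, constructed for illustration)."""

    def __init__(self, cache_ttl=0):
        self.cache_ttl = cache_ttl    # seconds a validation verdict is reused (assumed cause of delay)
        self.pw_version = {}          # user -> counter bumped on every password change
        self.sessions = {}            # token -> (user, pw_version at login)
        self.cache = {}               # token -> (verdict, time checked)

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, self.pw_version.setdefault(user, 0))
        return token

    def change_password(self, user):
        # Every session issued under the old password now carries a stale version.
        self.pw_version[user] = self.pw_version.get(user, 0) + 1

    def is_valid(self, token, now):
        cached = self.cache.get(token)
        if cached and now - cached[1] < self.cache_ttl:
            return cached[0]          # reused verdict: the revocation is not seen yet
        user, version = self.sessions.get(token, (None, None))
        verdict = user is not None and version == self.pw_version[user]
        self.cache[token] = (verdict, now)
        return verdict


def exposure_after_change(cache_ttl, probe_times):
    """Return {t: still_valid} for an old session probed t seconds after a password change."""
    store = SessionStore(cache_ttl)
    old = store.login("owner")            # session opened before the change
    store.is_valid(old, now=0)            # last request just before the change
    store.change_password("owner")        # password changed at t = 0
    return {t: store.is_valid(old, now=t) for t in probe_times}


if __name__ == "__main__":
    print("1-hour verdict cache:", exposure_after_change(3600, [1, 3599, 3600]))
    print("checked every request:", exposure_after_change(0, [1, 3599, 3600]))
```

Checking the password version on every request closes the window entirely; any caching layer in front of that check sets how long the old session remains usable.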