Friday, 11 January 2019

Ring employees reportedly had open access to customer’s video feeds

  • A report claims that Ring employees had almost nonrestricted access to customer’s video feed and recorded clips.
  • All a Ring employee had to do was know someone’s email address to have a live feed from a person’s cameras.
  • Fortunately, the report’s sources have no knowledge of the system being used maliciously by the company or its employees.

Consumer-level smart video doorbells and security cameras have become immensely popular, but some worried that the video feeds could be hijacked by those with malicious intents. Thanks to a report from The Intercept, Ring customers should be more worried about the company’s employees watching them than anyone else.

According to the report, Ring’s employees and executives had access to live footage from cameras places outside and inside customer’s homes. A source told The Intercept that customers were unknowingly watched by a team of engineers annotating videos to help team automated object recognition software.

What’s even scarier is that all an employee reportedly needed in order to find someone’s live video feed was their email address. The video portal was meant to be used by customer service, but access to the tool was open to any U.S. employee.

Although the source said they never personally witnessed any egregious abuses, they told The Intercept “if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.”

And it doesn’t stop there. In addition to Ring deciding against encrypting video files as it was a costly endeavor that would also lose the company revenue opportunities, R&D employees in Ukraine had access to a folder with “every video created by every Ring camera around the world.” Using a corresponding database, those same employees could link specific video files to the owner’s Ring account.

Editor's Pick

If there is a silver lining to this entire report, it’s that The Intercept’s sources state that they never saw anyone take advantage of the system. This is fortunate as many were reportedly aware of the lax security measures and openly talked about them in the workplace.

As you might remember, Amazon bought Ring about a year ago for over $1 billion. This acquisition took place around the time that the company was launching its Key program which allowed delivery drivers to drop off packages inside customer’s homes.

In the time since Amazon acquired Ring, the company has reportedly placed stricter restrictions on customer’s videos. Unfortunately, the report’s sources state that employees can easily bypass the security measures if they wanted.

When questioned about these allegations, an Amazon spokesperson stated that the company had strict policies in place that restricted access to customer data.



from Android Authority http://bit.ly/2AHW6VJ

0 comments: