DING DONG, DOH! That's the sound of a security flaw in Ring's smart doorbell that lets people watch video captured by the gadget even after a password change.
The Amazon-owned smart home device features a camera that records the people who come to the door, so users can see if they're getting visits from legit or dodgy callers.
But The Information discovered that anyone who previously had access to the accompanying Ring app could watch the captured videos, even if the main user had changed the password.
Such a flaw led to one Ring user, Jesus Echezarreta, getting berated by his ex-boyfriend for not walking his dog enough. When asked how he knew how many times the canine was taken out, the ex said he was checking up on Echezarreta through the Ring app, even though the password had been changed.
Ring said it has fixed the flaw and password changes to the smart doorbell's app result in no-longer-legit users getting kicked off. But chief executive Jamie Siminoff told The Information that this doesn't happen for a few hours after the password change. As such, there is a window of opportunity for disgruntled exes and creepy snoopers to watch and download videos through the app before their imminent kicking-out happens.
Siminoff said the company was trying to lower the time it takes for people to be kicked out of the app once the password changes.
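As an added illustration (not Ring's code and not from the original report), one common way to make a password change take effect at once is to bind every session token to a per-account credential epoch and check it on each request. The `Accounts` class, its method names and the sample credentials are hypothetical.

```python
import hashlib, hmac, secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for this demo

class Accounts:
    """Hypothetical account service used only for this example."""

    def __init__(self):
        self._users = {}  # user -> {"salt", "pw", "epoch"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _sign(self, user, epoch):
        body = f"{user}:{epoch}"
        mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}:{mac}"

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = {"salt": salt, "pw": self._hash(password, salt), "epoch": 0}

    def login(self, user, password):
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(rec["pw"], self._hash(password, rec["salt"])):
            return None
        return self._sign(user, rec["epoch"])

    def change_password(self, user, new_password):
        rec = self._users[user]
        rec["salt"] = secrets.token_bytes(16)
        rec["pw"] = self._hash(new_password, rec["salt"])
        rec["epoch"] += 1  # tokens signed with the old epoch are now stale

    def token_valid(self, token):
        parts = token.rsplit(":", 2)
        if len(parts) != 3:
            return False
        user, epoch, _mac = parts
        rec = self._users.get(user)
        expected = self._sign(user, epoch).encode()
        if rec is None or not hmac.compare_digest(expected, token.encode()):
            return False  # unknown user or forged token
        return epoch == str(rec["epoch"])  # checked on every request, no delay

def demo():
    svc = Accounts()
    svc.register("owner", "old-pass")            # constructed credentials
    ex_session = svc.login("owner", "old-pass")  # session opened before the change
    before = svc.token_valid(ex_session)
    svc.change_password("owner", "new-pass")
    fresh = svc.login("owner", "new-pass")
    return before, svc.token_valid(ex_session), svc.token_valid(fresh)
```

Because the epoch is compared at validation time rather than at token expiry, the old session stops working on the first request after the change.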
Such a security problem could be a future headache for Amazon, as while the smart doorbell doesn't provide access to a user's home, Amazon might have plans to integrate it into its Key service. Amazon Key allows delivery people to use a code to gain access to a person's home to drop off a package when they're not in.
One can imagine that if the Ring flaw gets mixed up with Amazon Key it could allow nutters to gain illegitimate access to their ex's home.
As such, Amazon will need to be pretty careful with how it creates its smart home security tech, as we doubt future users will find the irony of products designed to make a home more secure introducing security flaws particularly amusing.