Privacy move. Smart doorbell maker adds encryption to protect video streams after security scares
Ring, the smart device manufacturer owned by Amazon, is to bolster the security of its smart doorbell devices.
It announced that from 13 January, it will begin to “offer customers video end-to-end encryption (E2EE).” The firm is offering it “as a technical preview” on eight Ring cameras, including doorbell, indoor, and outdoor models, and customers can share feedback on their experience.
It comes after a number of security worries in the past year. In January 2020 for example, an investigation by the Electronic Frontier Foundation (EFF) warned the Ring Android app was “packed with third-party trackers” that was sending out a “plethora of customers’ personally identifiable information (PII)” to five analytics and marketing companies.
Then in March 2020 privacy concerns was raised again after it was reported that Amazon kept records of every motion detected by its Ring doorbells.
This was coupled with a safety issue in November when Ring urged hundreds of thousands of doorbell customers to download new instruction manuals, after receiving reports that some of them had caught fire in the US and Canada.
Into this Ring has confirmed in a blog post that is starting to add support for end-to-end encryption to its cameras, in order to keep video streams encrypted between the camera through to the device it is being streamed to.
“Last fall (September), we announced that Ring would be the first major smart home security provider to offer video End-to-End Encryption to customers,” blogged the firm. “We’re excited to announce that starting today, video End-to-End Encryption is rolling out to all eligible Ring devices.
“The feature is launching as a technical preview, and customers can share feedback on the feature via the End-to-End Encryption page in Control Center within the Ring App,” it said.
“By default, Ring already encrypts videos when they are uploaded to the cloud (in transit) and stored on Ring’s servers (at rest),” Ring stated. “With End-to-End Encryption, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer’s enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device.”
The firm said that as the feature rolls out over the coming months, customers can enable the feature from Control Center in the Ring App.
The arrival of end-to-end encryption comes amid concern at Ring’s Neighbors app, which allows Ring users to share video with people nearby, and for local law enforcement to request access to footage.
In November for example, police in Jackson, Mississippi, requested access to resident’s smart doorbells.
It was reported that police in that US city were conducting a 45-day pilot program to live stream the Amazon Ring cameras of participating residents, prompting privacy worries.
The addition of end-to-end encryption was picked up by a security expert, who noted it was long overdue.
“Ideally, end-to-end encryption would have been installed before it went to market for the protection of its users,” said Jake Moore, cybersecurity specialist at ESET. “However, this is a case of better late than never.”
“Every time you add a smart device to a home network, you lose a little more control and increase the possibility of an attack,” said Moore. “Each IP in the home comes with a certain level of risk – and this risk can not only be managed by the manufacturers. Ring owners must also make sure they use a strong password and multi factor authentication.”