Were Ring Customers Victimized by a Ransomware Gang?

Reading Time: 3 minutes

Joseph Cox at Motherboard reported that a ransomware gang claims to have broken into the cloud-based data compiled by Ring. Ring video doorbells and security products are commonly installed in Smart Homes that are compatible with Alexa.

There is now some debate about whether the claim by the cyber gang behind the Alphv ransomware was accurate. But this is not the first time security researchers questioned the integrity of Ring security systems.

In Why Home Automation in the Apple Ecosystem? I said:

… similar concerns exist around Amazon’s Ring Home Security Business Unit…. Zach Whittaker at TechCrunch reported in 2021 that Ring received over 1,900 legal demands for access to video from customer’s installed doorbells and security cameras….

Dave Aiello, Why Home Automation in the Apple Ecosystem?, January 25, 2023

One reason Ring gets so many subpoenas is their original security model. Prior to 2021, Ring stored all home security videos unencrypted and in the cloud. (The video is believed to have been stored on Amazon Web Services. And the video certainly was stored on AWS after Amazon.com acquired Ring in February 2018). This security video is owned by Ring’s customers.

Ring didn’t implement end-to-end encryption for home security videos until January 2021, and it was implemented as a configuration option, not by default.

Cox went on to say:

In 2019, hackers on a Discord channel began hacking a series of Ring cameras all over the country by reusing credentials exposed in earlier hacks. These hackers then terrorized their victims; in Tennessee, for example, a hacker broke into the camera installed in the bedroom of three young girls and spoke through the camera’s speaker to the girls and played the song “Tiptoe Through the Tulips” to the girls….

… Though Ring itself was not compromised during those incidents, the hackers did leverage weaknesses in the way Ring’s default security settings were set up. Since those hacks, Ring has changed some of its security practices to make it easier and more obvious for users to check their security settings.

Joseph Cox, Ransomware Group Claims Hack of Amazon’s Ring, March 13, 2023

Ring clearly needs to beef up security even further.

The big take away from this and other questions about Ring security is that HomeKit Secure Video (HKSV) represents a much more secure and private home security solution. If you are buying Ring because it has a big range of security products at attractive prices, think about the electronic security of your home.

What does Operation Gadget recommend instead of a Ring Video Doorbell?

HomeKit Secure Video Doorbells

Invalid table id.

There are two main options for HomeKit Secure Video Doorbells in the United States at the moment:

  • Logitech Circle View Doorbell debuted in December 2020. It was the first HKSV video doorbell, which somewhat explains the difficulty that early customers had with getting all of the features working. I explain the history in The Circle View Doorbell’s Stunning Improvement. My family and I have it installed and running at our house. It’s rock solid and really shows off the integration of HomeKit Secure Video doorbells into the Apple Home.
  • Wemo Smart Video Doorbell is the main competing video doorbell that is fully compatible with HKSV. The Wemo Smart Video Doorbell has a slightly wider field of view than the Logitech Circle View. The other main differentiator is dual-band WiFi support. This makes it slightly more flexible than the Logitech Circle View Doorbell. But in many homes, the 5 GHz WiFi band doesn’t reliably penetrate the exterior walls. If the doorbell is mounted outside, it may be far easier to keep the Wemo Smart Video Doorbell on the 2.4 GHz WiFi band.

I think both of these video doorbells are well suited to replacing an old, wired doorbell with a ringer box inside the foyer of your home. And because they are HKSV-compatible, they are more secure than almost any product you can buy from Ring.


by

Tags: