Who’s to blame in the Ring privacy breaches and subsequent lawsuits filed late 2019 and early 2020 against owner Amazon? Plaintiffs point the finger at potentially insecure Ring devices, while the maker’s defense is customers using weak logins or reusing passwords.
Multiple class-action lawsuits have been filed against Ring and Amazon with numerous reports of hackers infiltrating the company’s camera systems, according to Classaction.org, a legal advocacy group.
Specifically, the complaints claim cameras cannot ensure the safety of customers’ accounts--and therefore their homes--due to Ring’s failure to require two-factor authentication; double check whether someone logging in from an unknown IP address is the actual account owner; provide a way for users to check to see if more than one person is logged in at a time; and offer protection against hackers that use “brute force” to unlock accounts.
Ring, acquired by Amazon in 2018 for $1 billion, continues to fortify its network of users. It recently announced at CES 2020 its expansion into new markets with an access gate controller and series of products under the Ring X name designed solely for the professional installer. Formerly known as DoorBot, the product began as a Wi-Fi connected video doorbell solution, expanding into home security following the acquisition.
It’s hard to know what will be uncovered during the proceedings, but default passwords and insecure logins without two-factor authentication still plagues even professional security systems. As more devices become connected to the internet, noticeable vulnerabilities will continue to pique privacy concerns among doorbell camera and other Wi-Fi device users.
Two couples in California asserted their Wi-Fi surveillance cameras were hacked and filed a lawsuit against Ring and Amazon on Jan. 3 in U.S. District Court in California by seeking class-action status. Plaintiffs in the lawsuit accuse the companies of negligence, breach of implied contract, invasion of privacy and other violations. They claimed the company did not implement security features such as two-factor authentication and failed to inform users of outsider threats by suspicious login attempts.
The Jan. 2 lawsuit referenced similar incidents that occurred across the country and said the company isn’t adequately protecting consumers and stems from an incident where someone hacked into a camera in their daughter’s bedroom. The plaintiffs cited many other similar breaches and violations that warranted a class-action certification.
Factual allegations in the court filing stated, “Ring promises that it takes security seriously and will safeguard consumers’ private information. In contrast to its public promises, Ring has failed to implement basic cybersecurity protections to guard their customers’ devices from unwanted access and intrusion by third parties.”
On Dec. 26, 2019 also in the U.S. District Court in California, a similar lawsuit was filed by an individual in Los Angeles seeking $5 million in damages and a jury trial and alleged negligence, invasion of privacy, breaches of implied warranty and contract, unjust enrichment and violation of California’s Unfair Competition Law. The lawsuit claims the hack occurred Dec. 9, a few days after another incident in which a man breached a Ring device to talk to and intimidate an 8-year-old girl in Mississippi. The girl’s parents are also plaintiffs in the lawsuit.
Ring answers with Control Center
On Jan. 30, Ring announced on its blog the release of a new Control Center dashboard interface and app designed to “empower Ring customers with important privacy and security settings.” The blog stated: “We believe that privacy, security and user control are more than just ideas; they’re the tools our customers use to help protect their homes, their loved ones and their neighborhoods.”
Ring initially announced the development of the Control Center on Jan. 6 as part of CES 2020.
According to Ring, the Control Center lets users manage privacy and security settings from the dashboard where they can verify if two-factor authentication is enabled; manage shared users on their account; and view and remove all devices and third-party services with access to their Ring account.
Jamie Siminoff, Ring founder and chief inventor said in the company press release: “Ring enters 2020 with a robust lineup of security devices, and we will continue to focus on innovating new products while enhancing our customers’ experiences especially around privacy and user control. This is why we’re releasing a dedicated section of the Ring mobile app called Control Center where users can view and control their privacy and security settings. And with the launch of new Ring Access Controller Pro and new Ring Smart Lighting devices, we’re excited to offer our customers over 50 different products they can choose from to build their custom, whole-home security system.”
Manufacturers seem to understand the critical necessity of data privacy, but the era of billions of connected devices will certainly put integrated systems to the test.