Skip to main content
d

Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses

Share This Post

By: Zack Whittaker

Doorbell Cameras Police

Image Credits: Jessica Hill / AP

A security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app.

Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues.

While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.

But the exposed data wasn’t visible to anyone using the app. Rather, the bug was retrieving hidden data, including the user’s latitude and longitude and their home address, from Ring’s servers.

Another problem was that every post was tied to a unique number generated by the server that incremented by one each time a user created a new post. Although the number was hidden from view to the app user, the sequential post number made it easy to enumerate the location data from previous posts — even from users who aren’t geographically nearby.

Ring Neighbors app (left), and the data it was pulling in, including location data (right). (Image: TechCrunch)

The Neighbors app appeared to have about 4 million posts by the end of 2020.

Ring said it had fixed the issue.

“At Ring, we take customer privacy and security extremely seriously. We fixed this issue soon after we became aware of it. We have not identified any evidence of this information being accessed or used maliciously,” said Ring spokesperson Yassi Shahmiri.

Last year Gizmodo found a similar bug in the Neighbors app that revealed hidden location data, allowing them to map out thousands of Ring users across the United States.

Ring currently faces a class-action suit by dozens of people who say they were subjected to death threats and racial slurs after their Ring smart cameras were hacked. In response to the hacks, Ring put much of the blame on users for not using “best practices” like two-factor authentication, which makes it harder for hackers to access a user’s account with the user’s password.

After it emerged that hackers were reportedly creating tools to break into Ring accounts and over 1,500 user account passwords were found on the dark web, Ring made two-factor authentication mandatory for every user.

The smart tech maker has also faced increasing criticism from civil rights groups and lawmakers for its cozy relationship with hundreds of U.S. police departments that have partnered with Ring for access to homeowners’ doorbell camera footage.

Source: Tech Crunch

Uncategorized
China targets 33 apps over misuse of private user data

Cyberspace Administration of China (CAC) has ordered 33 app developers to cease the practice of collecting private user data without first receiving consent from its users, under threat of penalties, the severity of which are yet to be clear.

Uncategorized
We All Need to Stop Only Seeing the Dark Side of Crypto

Popular perception in the developed world remains that crypto is at best the domain of meme-conversant Wolf of Wall Street-like figures and at worst of drug dealers. Regulators and policymakers seem to partially share that belief, as crackdowns and strict regulations are announced across the globe from China to Turkey to the US. And yet in the Global South more and more people are choosing to use a technology designed to help them keep their wealth safe from confiscation, tyranny, or arbitrary restrictions. Whatever you think of crypto, its role as a force for good in some parts of the world should not be ignored.

Innovation News
Facebook to hire 10,000 in EU to work on metaverse

“The metaverse has the potential to help unlock access to new creative, social, and economic opportunities. And Europeans will be shaping it right from the start,” Facebook said in a blog post.

The new jobs being created over the next five years will include “highly specialised engineers”.

Leave a Reply