Ring Is Making Extra Security Mandatory After Hacks, Lawsuit
Tami Abdollah is dot.LA's senior technology reporter. She was previously a national security and cybersecurity reporter for The Associated Press in Washington, D.C. She's been a reporter for the AP in Los Angeles, the Los Angeles Times and for L.A.'s NPR affiliate KPCC. Abdollah spent nearly a year in Iraq as a U.S. government contractor. A native Angeleno, she's traveled the world on $5 a day, taught trad climbing safety classes and is an avid mountaineer. Follow her on Twitter.
Ring unveiled new security steps for customers when logging into their doorbell camera accounts, making two-factor authentication mandatory as the Santa Monica-based company battles criticism about privacy and unauthorized access to its technology.
The Amazon-owned company said in a blog post on Tuesday that the change is now rolling out to customers, and adds authentication to help "prevent unauthorized users from gaining access to your Ring account, even if they have your username and password." Users receive a one-time, six-digit code via SMS or email, and must enter that in before they can access the Ring account.
The beefed-up security measures come in response to a slew of reports of hacks, including one where a hacker was able to watch and communicate with an 8 year-old girl. The Amazon.com, Inc.-owned company unveiled its new privacy dashboard at the start of 2020 that allows people to see who has access to their device, but did not make two-factor authentication mandatory at the time.
"Our account safety and security is our priority," said Leila Rouhi, Ring's president. "We will stay vigilant and continue to give you more transparency and control over your devices and personal information, and help keep your home and Ring account secure and protected."
The authentication change also comes as a new federal lawsuit looms about privacy concerns. Amazon.com and Ring were sued in federal court in Los Angeles on Dec. 26, by a man who said his kids were playing basketball when a voice came on their Ring device's two-way speaker system commenting on their play and encouraging them to get closer to the camera. The plaintiff, John Baker Orange of Jefferson County, Alabama, then changed his password and enabled two-factor authentication. His password was previously "medium-strong" the lawsuit states.
The lawsuit filed as a class action states that the company has "attempted to distance itself from liability by blaming customers for failing to create strong security passwords" when their devices are hacked. But "it is Ring who failed to provide sufficiently robust security measures such as two-factor authentication and other protocols necessary to maintain the integrity and inviolability of its cameras.
"As a result of Ring's defective design, and its failure to imbue its WiFi cameras with sufficient security protocols, its customers' most basic privacy rights were violated along with the security and sanctity of their homes."
More recently, the company has been hit with criticisms about its sharing of user data with third-party service providers. Rouhi noted that the company will immediately put a temporary pause on the use of "most" third-party analytics services in the Ring apps and websites, while it works on giving users abilities to opt out of sharing their data with third-parties. Those additional options will be available in early Spring, Rouhi wrote.
Beginning this week, users will be able to opt out of sharing their information with third-party service providers for personalized ads.
"You might think you built this amount of trust with Ring because there's this app that protects the home. But in reality they're sending that data to third parties, they're partnering with law enforcement across the country without their customer knowledge, they've been the subject of hacks that have revealed user passwords, and then they blame the customer for it," said William Budington, a senior staff technologist for the Electronic Frontier Foundation, a nonprofit digital rights advocacy group, in a recent interview with dot.LA.
Subscribe to our newsletter to catch every headline.
It's never been a better time to "murder your thirst."
Seven months after raising more than $9 million in Series A funding, Santa Monica-based canned water startup Liquid Death has raised $23 million in Series B funding.
The round was led by an unnamed consumer-focused family office and participated in by Convivialité Ventures, Fat Mike (NOFX), Pat McAfee, existing investor in Velvet Sea Ventures and others.
You'll soon be able to take a rapid COVID-19 test before boarding a plane at Los Angeles International Airport.
Two design companies — one known for transforming shipping containers into pop-up businesses and homes, another that focuses on an eco-friendly approach to architecture — will erect modular COVID testing center at LAX by Nov. 1. New Jersey-based Clarity Labs will eventually staff those sites with technicians.