Ring Is Making Extra Security Mandatory After Hacks, Lawsuit

Ring unveiled new security steps for customers when logging into their doorbell camera accounts, making two-factor authentication mandatory as the Santa Monica-based company battles criticism about privacy and unauthorized access to its technology.

The Amazon-owned company said in a blog post on Tuesday that the change is now rolling out to customers, and adds authentication to help "prevent unauthorized users from gaining access to your Ring account, even if they have your username and password." Users receive a one-time, six-digit code via SMS or email, and must enter that in before they can access the Ring account.

The beefed-up security measures come in response to a slew of reports of hacks, including one where a hacker was able to watch and communicate with an 8 year-old girl. The Amazon.com, Inc.-owned company unveiled its new privacy dashboard at the start of 2020 that allows people to see who has access to their device, but did not make two-factor authentication mandatory at the time.

"Our account safety and security is our priority," said Leila Rouhi, Ring's president. "We will stay vigilant and continue to give you more transparency and control over your devices and personal information, and help keep your home and Ring account secure and protected."

The authentication change also comes as a new federal lawsuit looms about privacy concerns. Amazon.com and Ring were sued in federal court in Los Angeles on Dec. 26, by a man who said his kids were playing basketball when a voice came on their Ring device's two-way speaker system commenting on their play and encouraging them to get closer to the camera. The plaintiff, John Baker Orange of Jefferson County, Alabama, then changed his password and enabled two-factor authentication. His password was previously "medium-strong" the lawsuit states.

The lawsuit filed as a class action states that the company has "attempted to distance itself from liability by blaming customers for failing to create strong security passwords" when their devices are hacked. But "it is Ring who failed to provide sufficiently robust security measures such as two-factor authentication and other protocols necessary to maintain the integrity and inviolability of its cameras.

"As a result of Ring's defective design, and its failure to imbue its WiFi cameras with sufficient security protocols, its customers' most basic privacy rights were violated along with the security and sanctity of their homes."

More recently, the company has been hit with criticisms about its sharing of user data with third-party service providers. Rouhi noted that the company will immediately put a temporary pause on the use of "most" third-party analytics services in the Ring apps and websites, while it works on giving users abilities to opt out of sharing their data with third-parties. Those additional options will be available in early Spring, Rouhi wrote.

Beginning this week, users will be able to opt out of sharing their information with third-party service providers for personalized ads.

Image courtesy of Ring

An image of the new required two-factor authentication that will greet users when they go to login to the Ring app. They will receive a unique six-number code via text or email to enter into their phone.

"You might think you built this amount of trust with Ring because there's this app that protects the home. But in reality they're sending that data to third parties, they're partnering with law enforcement across the country without their customer knowledge, they've been the subject of hacks that have revealed user passwords, and then they blame the customer for it," said William Budington, a senior staff technologist for the Electronic Frontier Foundation, a nonprofit digital rights advocacy group, in a recent interview with dot.LA.

__

Do you have a story that needs to be told? My DMs are open on Twitter @latams. You can also email me, or ask for my Signal.