A security flaw founded in Ring’s video doorbell can let others access camera footage even if homeowners have changed their passwords, according to media sources.
This can happen after a Ring device owner gives access to the Ring app to someone else. If it is given to an ex-partner, for example, after the relationship turned sour, the partner may still monitor the activity outside the front door using the camera, and download the video and control the doorbell from the phone as an administrator.
It doesn’t matter how many times Ring device owners have changed the password, the Ring app will never ask users to sign in again after the password is changed.
Ring was notified of the issue in early January and claimed to have removed users who were no longer authorized. However, in the test carried out by media outlet The Information’s staff, these ex-users could still access the app for several hours.
Jamie Siminoff, CEO of Ring, has acknowledged the issue and responded that kicking users off the platform apparently slows down the Ring app.
After the issue was reported, Ring made another statement, suggesting that Ring customers should never share their usernames or passwords. The company recommended that other family members or partners sign in via Ring’s “Shared Users” feature.
In this way, device owners have control over who has access and can immediately remove users if they want.
“Our team is taking additional steps to further improve the password change experience,” said Ring in a statement.
Ring was acquired by Amazon for US$1 billion at the beginning of this year. Amazon operates in-home delivery service, the Amazon Key, relying on security devices at the front door such as smart doorbells, door locks and security cameras.
Any security flaws like the one found in Ring will make it difficult for the e-commerce giant to convince people that it’s safe for Amazon’s delivery people to enter their houses when nobody’s home.