Podcast Episode Details
Back to Podcast Episodes
Ring Doorbell Privacy Concerns, Recent Password Breach News, Biometrics and Fifth Amendment Rights
This is your Shared Security Weekly Blaze for January 21st 2019 with your host, Tom Eston. In this week’s episode: Ring doorbell privacy concerns, news on a recent password breach, and a new ruling on biometrics and Fifth Amendment rights.
Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer.
Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Amazon, who now owns popular smart doorbell maker Ring, is being accused of mishandling video footage from customers’ cameras. In a report from the Intercept, Ring is accused of mishandling videos that were taken from their line of smart home security cameras and allowing unrestricted access by internal employees to these videos. According to the article, in 2016 Ring moved its R&D operations to the Ukraine in a cost saving measure and the team had quote “unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world.” end quote On top of that, there was a database that allowed internal users access to run a search on any videos linked to a particular user and Ring executives and engineers in the US were allowed quote “unfiltered, round-the-clock live feeds from some customer cameras.” end quote
Apparently, Ring uses this team in the Ukraine to manually tag videos so that one day Ring’s AI technology could be trained to leverage this type of metadata. Video’s from Ring’s line of smart cameras can contain video from outside and inside someone’s house. Ring responded to the Intercept article with the following statement quote
“We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring videos. These videos are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes.” end quote. There was more to their statement about their internal policies but I think you get the idea. The Intercepts sources for this story, of course, dispute these claims from Ring’s management.
While one can argue the trustworthiness of this article, it does have a great point to it. If you’re using a smart device like a Ring doorbell camera that saves its video or data to the cloud, you should probably assume that someone else will most likely be able to view your data. Regardless of what the companies privacy policy or terms of use say, there will always be ways for internal employees to access this data. From customer support situations or using your data to improve their own technology, companies will find creative ways to leverage incredibly valuable private information, especially from video feeds.
Organizations’ internal networks are overly permissive and can’t distinguish trusted from untrusted applications. Attackers abuse this condition to move laterally through networks, bypassing address-based controls to spread malware. Edgewise abstracts security policies away from traditional network controls that rely on IP addresses, ports, and protocols and instead ties controls
Published on 6 years, 11 months ago