Ring Rolls-Out End-to-End Encryption to Bolster Privacy

Written by

Controversial connected device company Ring has added video end-to-end encryption (E2EE) to some of its products in a bid to boost user privacy and security.

The Amazon-owned maker of smart doorbells first flagged the move last autumn, but will begin the roll-out this week as part of a “technical preview.

“By default, Ring already encrypts videos when they are uploaded to the cloud (in transit) and stored on Ring’s servers (at rest),” the firm explained in a blog post yesterday.

“With end-to-end encryption, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer’s enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device.”

That will go some way to assuaging customer concerns over who is viewing the videos shot by their doorbell camera.

Around a year ago, four Ring employees were fired after violating company policy when they were caught watching users’ videos.

“Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions,” Amazon said at the time.

Privacy concerns have also been raised over Ring’s decision to partner with hundreds of police forces across the US — although law enforcers have to request access to users’ videos within a certain time frame and geographic area.

The new E2EE feature will be available on the: Ring Video Doorbell Pro, Ring Video Doorbell Elite, Ring Floodlight Cam, Ring Spotlight Cam Wired, Stick Up Cam Plug In, Stick Up Cam Elite and Indoor Cam.

The move follows a roll-out of two-factor authentication (2FA) to all users in early 2020, to help mitigate the risk of strangers hijacking users’ cameras.

Last month, a new legal case was formed by joining together complaints filed by over 30 users in 15 families who say that their devices were hacked and used to harass them. They’re arguing, among other things, that Ring should have mandated 2FA and the use of strong passwords out-of-the-box.

What’s hot on Infosecurity Magazine?