I guess people thought the product was a standalone security system. Turns out that was just the loss leader and they were the product [1]. Who would have expected that from a company that Google found a good acquisition target?
[1] also turns out their neighbors, who had no part and no say in the transaction, were the product too
"Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers," reports Motherboard: Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in -- entirely common security measures across a wealth of online services... Ring doesn't appear to check a user's chosen password against known compromised use
Even if they had 5FA, they'd still be a shit company... the data generated by their cameras is stored on Someone Else's (Amazon's) computer without encryption at rest. The average Joe doesn't realize how bad of an idea this is.
And that is just it. They shamelessly do it on-the-cheap, relying on ordinary people not knowing what a bad idea that is.
The issue isn't "on the cheap." It's that their entire business model (essentially creating a worldwide, private surveillance network) sucks rocks. Unless they started using encryption at rest and/or allowed for local storage, no "security" measures would change my opinion of them. Fuck Ring, fuck Amazon.
I expected to read that they came with default passwords, they don't support 2FA, etc - real problems. That's not the case.
The author of the article found that Ring doesn't add more security protections that nobody else does either, such as "Ring doesn't appear to check a user's chosen password against known compromised user credentials". Approximately no products do that. Turning off 2FA and turning it on again doesn't log out other family members. Okay maybe logging everybody off when you do that would
I guess people thought the product was a standalone security system. Turns out that was just the loss leader and they were the product [1]. Who would have expected that from a company that Google found a good acquisition target?
[1] also turns out their neighbors, who had no part and no say in the transaction, were the product too
"Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers," reports Motherboard:
Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in -- entirely common security measures across a wealth of online services... Ring doesn't appear to check a user's chosen password against known compromised use
Even if they had 5FA, they'd still be a shit company ... the data generated by their cameras is stored on Someone Else's (Amazon's) computer without encryption at rest. The average Joe doesn't realize how bad of an idea this is.
And that is just it. They shamelessly do it on-the-cheap, relying on ordinary people not knowing what a bad idea that is.
I expected to read that they came with default passwords, they don't support 2FA, etc - real problems. That's not the case.
The author of the article found that Ring doesn't add more security protections that nobody else does either, such as "Ring doesn't appear to check a user's chosen password against known compromised user credentials". Approximately no products do that. Turning off 2FA and turning it on again doesn't log out other family members. Okay maybe logging everybody off when you do that would