It’s one thing when a vulnerability is discovered and show that your device isn’t as safe as you thought it was. But when that vulnerability is found in your video doorbell, that can be quite alarming. It’s been discovered that after you change your password on the Ring doorbell, anyone who has your prior password can still gain entry.
The Ring Vulnerability
Assumably, this is a problem Amazon wasn’t looking for when they recently acquired the Ring company for $1 billion. In this major security flaw that was discovered, once a user changes the password, the Ring doorbell doesn’t require them to log back in.
It defeats your reason for wanting to change your password to begin with. Someone had your password, or you suspected they did, so you changed it. This could have been because someone stole your password or because you gave it to someone and then later fell out of favor with them. But you don’t still want them to have access to knowing who’s coming and going from your house, so you change the password.
Ring was notified of this vulnerability in January, and they claimed they removed all the users who were no longer authorized. But the website “The Information” tested it and found that for “several hours” former users were still able to access the app after the password was changed.
Jamie Siminoff, Ring’s CEO, acknowledged the vulnerability, noting that eliminating access to a prior user slows the Ring app. In that window of time while the prior password is still usable, that person with the old password can watch your door or download videos. Basically, they can control your Ring doorbell as if they were an active administrator.
Amazon Addresses the Vulnerability
The Ring doorbell wasn’t just being used to keep people out. They are also being used for Amazon deliveries with the Amazon Key program. This allows Amazon to make deliveries inside your home if you’re out. They access your home, leave the package, and exit, and you can watch them inside your house with the Ring. But this vulnerability makes it hard to trust it.
Ring issued a statement explaining that they will be making further security measures, and in the meantime they suggest you avoid giving unnecessary people access to your doorbell, but you can give your code to just one person, the person you share your home with, and if something happens to that relationship, and they move out, you’re now vulnerable.
“Ring values the trust our neighbors place in us, and we are committed to the highest level of customer information and data security,” the company said in the statement.
“We strongly recommend that customers never share their username or password. Instead, they should add family members and other users to their devices through Ring’s ‘Shared Users’ feature. This way, owners maintain control over who has access to their devices and can immediately remove users. Our team is taking additional steps to further improve the password change experience.”
All Does Not Always End Well
This goes beyond the Ring doorbell, though. This should make us question everything. If a device designed to keep us safe is shown to not be as safe as it was said to be, even when it is connected with a big company like Amazon, there can still be issues. It makes it hard to trust anything.
Does this change your thinking regarding how you use your devices and who you share your passwords with? Do you have a Ring doorbell and are now rethinking it? Let us know how you feel about this news below in the comments section.