Amazon’s Ring reportedly allowed employees to access to customer’s live video feeds. Ring denies these allegations, however, an anonymous source told Intercept that Amazon’s Ukraine-based research and development team, U.S executives, and engineers were given access to the live feeds around the clock. Many of the people given access did not need access to the videos for work.
Monitoring began in 2016 when employees were granted access to a S3 cloud storage service folder, which contained the video feeds. The videos could easily be viewed, downloaded, and shared with a click of a button. The videos were also left unencrypted because Amazon’s Ring leadership felt that a
“sense that encryption would make the company less valuable”
The Ukraine team used the video feeds to work out a software glitch that made it difficult for the firm to recognize differences between people and animals. This would often give off false alerts to customers. The team was also able to link videos with specific Ring customers.
Realistically, anyone with video access just needed a Ring user’s email address to view their cameras. The source told intercept:
“if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.”
The source also revealed that there were times where the employees would view each other’s cameras with permission.
The source also recounted instances of Ring engineers “teasing each other about who they brought home” after romantic dates.
However, this raises many questions because these employees could have been viewing customer’s video feeds just to spy and make fun of. The source recalled that at time employees would show each other videos of people kissing, firing guns, or stealing. Further, both interior and exterior camers could be viewed.
The company spokesperson, Yassi Shahmiri, commented on these allegations saying:
“We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring videos. These videos are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes.”
“Ring employees never have and never did provide employees with access to livestreams of their Ring devices”.
For security advisory solutions contact LIFARS today.