Amazon’s Ring security cameras have proved to be hugely popular, but their security practices have been pretty lax. Rather belatedly, the company is trying to change this.
Over the last few months, the internet-connected doorbells have faced a myriad of privacy and security concerns (beyond the primary surveillance capabilities of the product). The IoT cameras allow owners to see who is outside their house and talk to them through microphones installed in the device. The recording of activity and motion capture technology can lead to intimate moments being captured. And police forces around the world have taken an active interest in accessing video captured by the cameras.
However, there have been security and privacy concerns raised about the devices. In December Vice tested the company’s security and found a lack of basic protections to prevent user accounts being taken over. The US civil liberties group EFF has also found that Ring’s Android app sends out personal information to third parties, including Facebook and other big data companies.
Amazon is now updating Ring’s services to counteract some of these flaws. Here’s what you can do to best lock down your account and make it that little bit more private. Many of the changes below are contained within Ring’s control centre, part of its app that allows people to control its settings.
Control who has access
You can allow multiple people to access Ring devices on your account – other family members or visitors can see camera feeds on their devices. This means people can view stored videos and answer and receive alerts when the doorbell is pressed. Adding shared users is better than sharing your login details with people but it also need managing.
If you’re consistently changing who can access your account, it is worth checking who has access to what. Through the control centre you can see the Ring accounts that have access to what devices you own and revoke permissions.
The same goes for devices. If you’ve lost, replaced, or had devices stolen, you should check what hardware has access to your account. Through the authorised client devices section within the control centre it’s possible to see which phones and tablets are logged into your account and then log them out remotely. It’s one way of controlling what has access to your Ring setup.
In December, there were a number of cases where Ring accounts were hijacked. One person accessed an in-house camera to shout racial abuse at the people in the room it was based in. Another camera in a child’s bedroom was accessed.
Ring has made two-factor authentication mandatory. Two-factor authentication requires a new user signing into a Ring account to prove they should have access to an account.
This is done through a code that’s sent to a previously registered device. Ring lets users have a verification code sent via SMS or to a registered emailed account. (The methods are not as foolproof as using a verification app or security key but are a step in the right direction). The company also sends login notifications when an account is accessed, which you should keep an eye out for.
Limit third-party data sharing
After it was found that Ring’s app was sharing data to other companies, Amazon has “paused” the process. The company says it is working on ways to opt out of their information being shared outside of Ring.
However, it has already included the option of not having your information used for personalised advertising. “If you opt out, Ring will not share the information required to serve you personalised ads, though you may still see non-personalised Ring ads from time to time,” the company says. You can opt of adverts through Ring’s control centre.
Set privacy zones
The camera outside of your house doesn’t have to record everything it sees. There is a way to limit the camera’s field of vision. To do so, open the Ring app and tap on the camera view, then video and privacy settings. Here you’ll find edit privacy zones and you will be able to draw an area to be excluded from the camera view using a finger on the screen. Creating the privacy zone will stop that area from being recorded.
Use a strong password
This doesn’t just apply to Ring, its standard advice for every website and app you use. If you reuse the same password from one website to another and it is compromised (or deceptively simple) then hackers will be able to access every account where you use that password. See: Deliveroo accounts being compromised with hackers ordering themselves food.
All passwords you use should be unique and strong: a mixture of unrelated words or complex strings of numbers and letters are harder for automated software to crack. You won’t be able to remember all of your strong passwords, so it’s best to use a password manager instead. A password manager will create and store your passwords.
Matt Burgess is WIRED’s deputy digital editor. He tweets from @mattburgess1
More great stories from WIRED
🏙️ A huge Airbnb scam is taking over London
🚙 Thinking of buying an electric car? Read this first
🍅 Why do modern tomatoes taste so bad?
📢 How Slack ruined work