Serious Amazon Ring Vulnerability Leaves Audio, Video Feeds Open To Attack

Mark Wilson shares a report from BetaNews: Security researchers from Dojo by Bullguard have discovered a vulnerability in Amazon's Ring doorbell that leaves it prone to man-in-the-middle attacks. As well as enabling a hacker to access audio and video feeds in a severe violation of both privacy and security, the vulnerability also means that an attacker could replace a feed with footage of their own. Revealing the security flaw at Mobile World Congress, Yossi Atias from Dojo, demonstrated how a feed could be hijacked and injected with counterfeit video. The vulnerability poses a number of risks. The ability to spy on audio and video feeds has obvious privacy implications, but it could also enable a hacker to monitor comings and goings to determine when a house will be empty. Using easily-available tools, it is possible to intercept Ring's RTP stream and extract a viewable MPEG video.

Re:Good news!

[b0s0z0ku]

Frankly, I don't want cloud storage as an option, unless it's encrypted with my own keypair. I don't want to buy a camera, then pay monthly for the privilege of contributing to Amazon's outsourced surveillance network.