Ring Doorbell Neighbors App Caught Leaking Precise User Location Data
If people trust their information with businesses tasked with keeping them safe, those companies should at least try to take security seriously. It seems that is not necessarily the case, as a flaw in an app created by Ring was exposing precise location data of customers who posted to the app, when it should have been hiding it.
Ring is a smart doorbell and IoT company that created the Neighbors app in 2018, around the same time Amazon completed its acquisition of the company. The Neighbors app was something of a social app where Ring doorbell owners could anonymously share videos that show crime. Think along the lines of a digital neighborhood watch with video footage.
Since the posts remain anonymous, the app never gave locations or any other data to viewers. However, the bug found in Neighbors allowed people to extract location and other data from posts on the app. Some nefarious people, such as those who would be caught on a Ring camera, could get ahold of latitude, longitude, and home address of the person who posted the video. What’s more, is that the app had an incremental ID for each video posted, so it was easy to backtrack and get other Neighbor post information.
According to TechCrunch, Ring reports that they have patched the bug since it was discovered. In late 2020, we reported on several cheap or knock-off smart doorbells were vulnerable to intruders. It just seems that any security product or app can be vulnerable, so perhaps it is best to always use proper security practices no matter what solution you select.
