Ring Doorbell begins using p2p encryption

Esteban Suárez

Ring Doorbell has started to take the security of its users seriously and it shows this by applying P2P security to both wireless and wired transmissions of its devices, this change is made in line to mitigate the security flaws that They had been present since 2019.

Case Background

Video footage from Ring security cameras is stored in cloud services. These videos were not encrypted, allowing staff to access live and recorded feeds from client cameras around the world. Reportedly, the only information needed to gain access was the customer’s email address.

According to The Intercept, Ring engineers and executives have “highly privileged access” to live camera feeds from customer devices. This includes both doorbells to the outside world and cameras inside a person’s home. A team tasked with annotating videos to aid in object recognition captured “people kissing, shooting guns, and stealing.” [Update: According to Ring, annotation is only done on “publicly shared Ring videos”.] US employees specifically had access to a dedicated video portal for helpdesk that reportedly allowed “24-hour unfiltered live feeds from some customer cameras.” What’s amazing is how this support tool was apparently not restricted to just employees dealing with customers […]

The Intercept notes that only a Ring customer’s email address is required to access any live stream […]

Meanwhile, a second group of Ring employees working in R&D in the Ukraine had access to a folder containing “all the videos created by all the Ring cameras in the world”. Furthermore, these employees had a “corresponding database that linked each specific video file to the corresponding specific Ring customers.”

Amazon, which acquired Ring in 2018, later fired employees who abused this access.

However, this was not the end, concerns were also raised when police were able to privately contact Ring Doorbell owners to request access to video footage.

Such use has proven controversial, with concerns raised that the images may include uninvolved bystanders. Video of them can end up being held indefinitely in police systems.

Amazon updated its processes so that, in the future, these types of requests would have to be public.

Ring Doorbell increases security

Ring offered the option of end-to-end encryption for its wired doorbells, but not for the wireless ones. The Verge reports that this has now changed.

Ring now offers end-to-end video and audio encryption on its battery-powered video doorbells and security cameras, more than a year after adding the option to its wired and connected devices. End-to-end encryption allows users of the company’s video cameras to keep their footage locked, making it accessible only on their registered iOS or Android device. Separately, Ring also makes it easy to store recorded video when an owner sells or disposes of a Ring device.

With end-to-end encryption enabled, no one but the owner of the camera can access the recorded images. Even if law enforcement asked Ring, or its parent company Amazon, for the video, they couldn’t provide it. Only the registered mobile device can unlock the video.

End-to-end encryption has drawbacks

End-to-end encryption is an optional setup, and the site notes that you should make sure you’re aware of the downsides first.

With end-to-end encryption enabled, users lose the ability to preview videos in the Ring app event timeline view and in rich notifications that show a snapshot of the action on the notification before opening the app.

Additionally, shared users of Ring devices cannot view videos on their devices, and no users can share videos from the Ring app or view images on Echo Show devices or third-party apps. End-to-end encryption also disables Alexa Greetings and Quick Replies, where a Ring video doorbell can automatically respond to a visitor. Bird’s Eye View will also not work, an option on some Ring cameras that shows the path a visitor has taken to the doorbell or camera.