Hustvedt
During their investigation, journalists at The Intercept found that employees of Ring, a startup that makes smart home-security gadgets, treated device owners' data very casually: they not only had access to archived recordings but could also observe what was happening in customers' homes in real time. According to informed sources, since 2016 a Ukrainian team of programmers had almost unlimited access to a folder in the Amazon S3 cloud service that contained the videos captured by Ring.
When access was transferred, the files were left unencrypted because Ring's management feared that introducing encryption would negatively affect the company's market value.
In addition, a group of US developers with privileged access to the technical support portal could watch live video around the clock, regardless of whether it was really necessary for business purposes. To start a broadcast, it was enough to know the email address of the device owner.
Programmers were able to view the video in order to refine the recognition system's algorithms: for example, a smart door lock did not always correctly distinguish between living and nonliving objects. The system could mistake a tree on the street for a potential thief, and users received burglary alerts because of a passing car or foliage falling from a tree. The refinement was done manually: the developers labeled objects depending on their affiliation. Moreover, the startup's privacy policy does not specify the means by which the system recognizes objects.
The publication's sources point out that they did not find any gross violations but did discover a number of inappropriate situations. For example, developers watched recordings from their colleagues' outdoor and indoor cameras and joked about the people those colleagues had returned home with after dates.
Commenting on the results of the investigation, a Ring spokesman stated that "Ring employees never had and did not give employees access to watch the video in real time."
source: theintercept.com