Regulatory accusations expose security lapses at Amazon’s Ring and Alexa

Amazon’s Ring and Alexa have come under fire from regulators over a range of security failures.

The US Federal Trade Commission, via the Department of Justice, charged two Amazon companies with privacy breaches, shedding light on disturbing incidents. It was revealed that an engineer had unrestricted access to customers’ bedrooms and spent over an hour daily viewing footage, for months, without detection by Ring. Shockingly, when a female colleague reported this activity, she was allegedly dismissed, being told it was “normal” for an engineer to access numerous accounts. Only when the supervisor noticed the engineer exclusively viewing videos of “pretty girls” did the matter escalate.

The Federal Trade Commission (FTC) complaint against Ring further accused the company of neglecting to address the vulnerability of its cloud services to credential stuffing and brute-force attacks. As a consequence, the accounts of 55,000 US-based Ring customers were compromised, allowing bad actors to gain access to “hundreds of thousands of videos capturing consumers’ personal spaces at home.” These malicious individuals also seized control of users’ accounts, enabling them to interact with customers through their Ring devices. Shockingly, victims reported hearing hackers uttering profanities and racist slurs.

Although Ring responded to the 2017 incident by limiting video access for customer service personnel, access to videos remained available to other employees, as stated by the regulatory body. The lack of proper training on handling private data among staff further highlights the urgency for IoT device manufacturers to prioritize customer privacy and address security vulnerabilities seriously.

This case serves as a stark reminder that companies must uphold their responsibility to safeguard customer privacy, particularly in the realm of IoT devices, with their inherent security risks.
