Ring Footage and Neighbors App Used to Find Location of Tens of Thousands of People
The combination of the Neighbors app and Amazon Ring cameras allowed researchers to pinpoint the location of smart doorbell users without needing access to anything that would violate terms of service.
A Gizmodo investigation showed how technical users could gather private location information about Ring doorbell users that would not be available to the public at large. Amazon assures its customers that Ring data won’t land in the wrong hands, but that doesn’t seem to include law enforcement.
Amazon reached agreements with more than 600 law enforcement agencies from all over the United States, giving them access to camera footage without requiring a warrant. This in itself is a problem, as it’s unclear just how many people in the chain have access to the video files, which is already subject to Congress inquiries into the matter.
The problem arises from the use of an app called Neighbors that is used by communities to share details about real-time crimes and alerts, with some data from law enforcement. People who share events on Neighbors can also attach Ring videos, but it’s not a requirement.
According to Gizmodo, in cities where Amazon has a partnership with law enforcement, officers can check out a location on a map, and all Neighbors users within that area are alerted. In theory, the police don’t know which camera owners receive a request, but that hasn’t stopped researchers from creating detailed maps with the location of more about 20,000 Ring owners.
It’s not the first time someone uses public data to pinpoint people with Ring doorbells and Neighbors. MIT (Massachusetts Institute of Technology) PhD student Dan Calacci built a map representing all Ring videos uploaded to Neighbors since 2007. Adding the fact that many Neighbors users also share their real address, gathering relevant data wasn’t tricky.
Amazon didn’t deny that it would be possible for technical users to find the exact location data and issued a simple statement. “Only content that a Neighbors user chooses to share on the Neighbors App is publicly accessible through the Neighbors App or by your local law enforcement.”
Also, Bitdefender recently published details about a Ring vulnerability that would allow attackers to find the Wi-Fi passwords in people homes. The issues was quickly remedied by Amazon through a patch.Neighbors privacy Ring vulnerability