Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Amazon Settles Ring Customer Spying Complaint

The FTC charged Amazon-owned Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or accounts.

Amazon on Wednesday agreed to pay $30.8 million to settle Ring and Alexa privacy complaints filed by US regulators, including accusations that employees spied on female customers, according to court documents.

The Federal Trade Commission charged Amazon-owned home security camera company Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or accounts.

According to the FTC complaint, Ring’s failures in security resulted in “egregious” violations of privacy such as female users of home security cameras being “surveilled” in bedrooms or bathrooms.

“Ring’s disregard for privacy and security exposed consumers to spying and harassment,” FTC bureau of consumer protection director Samuel Levine said in a statement.

Under a proposed order, which requires approval by a federal judge, Ring will delete any data unlawfully viewed and ramp up security with features such as multi-factor authentication.

Hackers exploited vulnerabilities to not only access video streams but also to take control of cameras to taunt children, sexually proposition people, and threaten a family with harm if they didn’t pay a ransom, according to the FTC.

Ring will pay $5.8 million as part of the settlement, the proposed order indicated.

“Ring promptly addressed these issues on its own years ago, well before the FTC began its inquiry,” Ring said in response to an AFP inquiry, adding that it disagrees with the allegations.

Advertisement. Scroll to continue reading.

Amazon will pay an additional $25 million as part of a separate deal to settle FTC accusations that children’s voice recordings captured by Alexa smart speakers were kept when they should have been deleted, according to the regulator.

US law “does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms,” Levine said.

Amazon will identify and delete any personal information it has kept from child profiles that are no longer active, a proposed order stated.

Related: Ring Doorbell App for Android Sends Out Loads of User Data

Related: Smart, or Not So Smart? What the Ring Hacks Tell Us About the Future of IoT

Related: Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products.

ICS/OT

As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...