Security Experts:

Connect with us

Hi, what are you looking for?



Ring Rolls Out Mandatory 2FA, New Privacy Controls

Amazon-owned home security and smart home company Ring this week announced new security and privacy features for all of its users.

Amazon-owned home security and smart home company Ring this week announced new security and privacy features for all of its users.

Following reports of hackers accessing Ring cameras and spying on people or harassing them, the company is apparently working on addressing these issues, and has started with a CES announcement on a new Control Center for both iOS and Android.

While the Ring incidents have surfaced problems that are representative for the Internet of Things industry, the issues related to the vendor are not limited to its cameras. Last month, the Electronic Frontier Foundation (EFF) warned that the Ring doorbell Android app contained third-party trackers and was sending out lots of personally identifiable information (PII).

This week, Ring announced not only mandatory 2FA for all user accounts, which should prevent unauthorized access to accounts even if the username and password have been compromised, but also improved control over the information that is being sent out to third-parties.

With mandatory 2FA in place, when a user logs into their Ring account, a one-time six-digit code to verify the login attempt — this applies to all Shared Users on the account as well — will be sent, either via email or as a text message (SMS).

Additionally, the company says it wants to increase transparency into its data sharing practices and to offer users increased control over the information shared with third-party service providers.

“Beginning immediately, we are temporarily pausing the use of most third-party analytics services in the Ring apps and website while we work on providing users with more abilities to opt out in Control Center,” Ring says.

This spring, the company will roll out new options to allow users to further limit the sharing of information with third-party service providers.

Starting this week, new options in Control Center allow users to opt out of having their information shared with third-party services for the purpose of receiving personalized ads — although users might still see non-personalized Ring ads from time to time.

“Ring does not sell your personal information to anyone. We occasionally collaborate with third-party service providers that specialize in delivering different benefits, such as identifying and solving your problems faster when you contact Ring Community Support, providing you with personalized Ring offers and discounts, and communicating important alerts about your devices, like when your battery is low,” the company notes.

Related: Smart, or Not So Smart? What the Ring Hacks Tell Us About the Future of IoT

Related: Ring Doorbell App for Android Sends Out Loads of User Data

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.