Ring’s Neighbours App Had Flaw That Revealed Users’ Home Addresses

Ring’s Neighbours App Had Flaw That Revealed Users’ Home Addresses
A doorbell device with a built-in camera made by home security company Ring is seen on August 28, 2019 in Silver Spring, Maryland. (Photo: Photo by Chip Somodevilla, Getty Images)

Ring, the Amazon-owned friend to nosy police departments everywhere, has suffered another embarrassing security stumble. The surveillance company’s Neighbours app — which was launched in 2018 as a kind of “neighbourhood watch” feature — apparently left users exact geographical data and home address information exposed to the internet.

Neighbours is Ring’s online forum where users can share public safety information about what’s going on in their communities. It’s basically a more dystopian version of Nextdoor. Posts on Neighbours are public but supposedly anonymous, with a poster’s full name and location obscured. Yet, due to the recently discovered security bug, a savvy web explorer would’ve been able to access information about the home addresses, as well as the exact latitude and longitude, of a poster’s location, TechCrunch reports.

Similarly, every time a user posted on Neighbours, Ring servers generated a unique number for the post. These numbers increased incrementally with each post, making it easy to tie the identifying number to other information about the poster, including geographical data, according to TechCrunch. All of this was invisible to the app user, however.

The company claims to have fixed the problem: “We fixed this issue soon after we became aware of it,” a Ring spokesperson said in a statement. “We have not identified any evidence of this information being accessed or used maliciously.” Yet these are, of course, famous last words.

This is definitely not the first time Ring has suffered security issues, either. In fact, last year, Gizmodo revealed how data exposed by the app allowed reporters to pinpoint thousands of Ring users across the U.S. Even more unfortunate is the fact that Ring is currently being sued over a slew of hacking incidents last year in which cyber-malcontents smashed their way into the home security system and hurled racial slurs, death threats and other obscenities at unsuspecting homeowners through the internet-connected devices.

Ring, which was acquired by Amazon in 2018 for over $US1 ($1) billion, has done its best to offset these problems by beefing up security in other areas. Yesterday, for instance, the company announced that it would begin rolling out end-to-end encryption for its products.

The company has frequently been dogged by criticism, not just for its security problems, but for its extensive relationship with law enforcement agencies across the country. As of June last year, the company had partnerships with at least 1,300 police departments throughout the U.S., making it essentially a “for-profit surveillance network.”