Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy

Amazon's Ring Neighbors App Exposed Users' Precise Locations and Home Addresses (techcrunch.com) 19

A security flaw in Ring's Neighbors app was exposing the precise locations and home addresses of users who had posted to the app. From a report: Ring, the video doorbell and home security startup acquired by Amazon for $1 billion, launched Neighbors in 2018 as a breakaway feature in its own standalone app. Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues. While users' posts are public, the app doesn't display names or precise locations -- though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes. But the exposed data wasn't visible to anyone using the app. Rather, the bug was retrieving hidden data, including the user's latitude and longitude and their home address, from Ring's servers. Another problem was that every post was tied to a unique number generated by the server that incremented by one each time a user created a new post. Although the number was hidden from view to the app user, the sequential post number made it easy to enumerate the location data from previous posts -- even from users who aren't geographically nearby.
This discussion has been archived. No new comments can be posted.

Amazon's Ring Neighbors App Exposed Users' Precise Locations and Home Addresses

Comments Filter:
  • What a toxic thing (Score:4, Interesting)

    by Arthur, KBE ( 6444066 ) on Thursday January 14, 2021 @11:52AM (#60943728)
    The Stasi would have blown a load for this device. Neighbors tattling on neighbors, and they PAY for this "privilege".
    • The Stasi would have blown a load for this device. Neighbors tattling on neighbors, and they PAY for this "privilege".

      Pay? In that form of government, the people are already paying for the security apparatus that enables the Stasi to exist, cameras will be provided free of charge comrade.

      Plus, they would have gone dry when cordless phones exploded in the 90's, or cheap internet based security cams were available twenty years ago. They wouldn't have anything left by the time cellphones were widely available, much less smartphones... or drones, for crying out loud.

      The problem with the Stasi is always the Stasi, not every n

  • This wasn't a bug, this was an intentional design which someone noticed and made a complaint about. A company of Amazon's size wouldn't make that big blunder, they intended to leak the information because they wouldn't collect it otherwise.
  • by BAReFO0t ( 6240524 ) on Thursday January 14, 2021 @12:24PM (#60943924)

    Is that what we call instrumenting the population for totalitarian surveillance nowadays?

    Why not go all the way?
    "Glorious children-protecting anti-terrorist anti-Russian-hacker safety for you and the Oceania motherland". Gcpatarhsfyatom!

  • "But the exposed data wasn't visible to anyone using the app. Rather, the bug was retrieving hidden data, including the user's latitude and longitude and their home address,"

    So was this data being sent to the camera's owner app, or everyone viewing their posts through their app, and those users were slurping this data through 3rd party tools?

    "Another problem was that every post was tied to a unique number generated by the server that incremented by one each time a user created a new post. Although the numbe

  • Your neighbors, and you are surprised? All Social Media should be required to be like this, can't end any more badly than what we have now.
  • If you're dumb enough to use "Cloud connected cam, doorbells, locks, ..." in your house, you deserve this. It's that simple.

  • by LenKagetsu ( 6196102 ) on Thursday January 14, 2021 @04:18PM (#60945146)

    Has a dumb TV.
    Has a dumb car.
    Has a dumb fridge.
    Has a dumb cooker.
    Has a dumb doorbell.
    Has a router that he bought.
    Has a computer he personally build.
    Has a firewall and a mile-long hosts list.
    Has a browser with maximum security settings.
    Has never uttered the word "Alexa" in his house.
    Has never uttered the phrase "OK Google" in his house.
    Has never uttered the phrase "I have nothing to hide."
    Has never entered his phone number into a website.
    Has never used his real name on the internet at all.
    Has never used Facebook, MySpace, or Twitter.
    Has never used the same alias twice.
    Has never alluded to his location.
    Has never shown his face.
    Has never faltered.

  • by Venguer ( 7640444 )
    What can we do with all these illegal things happening in the 21st century? Companies sell our private information we have to share with them in case we want to use their service. I have no idea what can I do to stop those annoying calls that say me to pay for something I do not have or buy drugs or whatever. What is the source of the information they have about us? I do not like this situation. Honestly, I have recently replaced my home security system with the Ajax one https://ajax.systems/ [ajax.systems] because mine w

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...