Database mix-up let some smart doorbell users see video from others’ homes

“I can see your front porch from here!”

David bisson
David Bisson
@

Database mix-up let some smart doorbell users see video from others' homes

A mix-up involving two databases allowed some users of a popular smart doorbell to view live footage from complete strangers’ front porches.

Earlier this month, Android Central began receiving reports from some Ring Doorbell Pro users that they could view video feeds that were not attached to their houses.

Enabled by Wi-Fi, Ring is a so-called “smart” doorbell that allows users to answer their doors anywhere via video on their smartphones.

Sign up to our free newsletter.
Security news, advice, and tips.

The doorbell comes equipped with motion sensors that monitor for activity on a user’s property. If triggered, those sensors send a mobile alert to the user, who can choose to enable on their smartphone a video feed transmitted from the Ring doorbell. The user can then see or interact with whatever (or whomever) triggered the sensors.

Maxresdefault

Ring touts itself as providing “a new level of security.”

But not in this case.

It’s freaky enough to see the video feed from another house’s doorbell. It’s downright disturbing to think someone else is watching your own home’s front porch.

Given those privacy concerns, Android Central reached out to Ring. The company has since released the following statement:

“Security is at the core of our company and this is something Ring takes very seriously. Here’s what happened. We use random numbers to generate a call ID from Ring products. We did a very robust Beta test of the new Ring Video Doorbell Pro on experimental software, and when we moved it out of Beta for the commercial launch, some customers’ numbers were in two different databases. As a result, those call ID numbers were overwritten.

We believe, based on all the data we have analyzed, that this caused less than ten instances – out of more than 4 million calls per day and over 84 million calls in total – where video recordings overlapped for Ring Video Doorbell Pro users only. We are in the process of merging those databases so this will no longer occur. This issue only effected Ring Video Doorbell Pro users, not users of our other products, Ring Video Doorbell and Ring Stick Up Cam.”

461354 ring video doorbell

Ring definitely should have done its due diligence and made sure all of their customers’ personal information was stored in the correct location when they moved for commercial launch.

It’s not as though the firm hasn’t found itself in hot water before over security and privacy issues. Earlier this year, for instance, a flaw was found in Ring’s “smart” doorbell that could have allowed attackers to easily steal the passwords to customers’ Wi-Fi networks.

But to be fair, it’s good to see the smart doorbell company taking responsibility for this latest issue. And if how it has resolved past security flaws is any indication, Ring should have everything fixed within a few weeks.

In the meantime, if you are a Ring user who can see other people’s video feeds, make sure you contact the doorbell company and let them know.

Let’s be honest: you’d want someone to do the same if they could view your doorstep.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

2 comments on “Database mix-up let some smart doorbell users see video from others’ homes”

  1. coyote

    People calling these things smart doesn't change the fact (no matter how many times they say it) that smart devices aren't all that smart (as is frequently demonstrated). And in this case it seems it has defied physics, being in more than one place at the same time. Or perhaps they've tapped into the fourth dimension.

    No. I would rather say that the doorbell is stupid. They should too.

  2. graphicequaliser

    I'd definitely "DENY" that! ;-)

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.