{"id":40434,"date":"2023-05-31T16:24:03","date_gmt":"2023-05-31T20:24:03","guid":{"rendered":"https:\/\/d56fg8tfg.fitnews.club\/finance\/ftc-says-ring-employees-illegally-surveilled-customers-failed-to-stop-hackers-from-taking-control-of-users-cameras\/"},"modified":"2023-05-31T16:24:03","modified_gmt":"2023-05-31T20:24:03","slug":"ftc-says-ring-employees-illegally-surveilled-customers-failed-to-stop-hackers-from-taking-control-of-users-cameras","status":"publish","type":"post","link":"https:\/\/d56fg8tfg.fitnews.club\/finance\/ftc-says-ring-employees-illegally-surveilled-customers-failed-to-stop-hackers-from-taking-control-of-users-cameras\/","title":{"rendered":"FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users’ Cameras"},"content":{"rendered":"
\n

The Federal Trade Commission charged home security camera company Ring with compromising its customers\u2019 privacy by allowing any employee or contractor to access consumers\u2019 private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers\u2019 accounts, cameras, and videos. <\/span><\/span><\/span><\/p>\n

Under a proposed order<\/a>, which must be approved by a federal court before it can go into effect, Ring will be required to delete data products such as data, models, and algorithms derived from videos it unlawfully reviewed. It also will be required to implement a privacy and security program with novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts. <\/span><\/span><\/span><\/p>\n

\u201cRing\u2019s disregard for privacy and security exposed consumers to spying and harassment<\/span>,\u201d said Samuel Levine, Director of the FTC\u2019s Bureau of Consumer Protection. <\/span><\/span><\/span>\u201cThe FTC\u2019s order makes clear that putting profit over privacy doesn\u2019t pay.\u201d<\/span><\/span><\/span><\/p>\n

California-based Ring LLC, which was purchased by Amazon in February 2018, <\/span>sells internet-connected, video-enabled home security cameras, doorbells, and related accessories and services. The company has marketed its products as offering greater home security and providing its users with peace of mind. For example, in promoting its indoor security cameras, which can be placed in individual rooms, Ring touts the ability of purchasers to <\/span><\/span>\u201cSee your home. Away from home\u201d alongside a picture of a Ring camera monitoring a child\u2019s bedroom.<\/span><\/span><\/span><\/span><\/p>\n

In a complaint<\/a>, the FTC says Ring deceived its customers by failing to restrict employees\u2019 and contractors\u2019 access to its customers\u2019 videos, using customer videos to train algorithms, among other purposes, without consent, and failing to implement security safeguards.<\/span><\/span><\/span><\/span><\/p>\n

According to the complaint, these failures amounted to egregious violations of users\u2019 privacy. For example, one employee over several months viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms. The employee wasn\u2019t stopped until another employee discovered the misconduct. Even after Ring imposed restrictions on who could access customers\u2019 videos, t<\/span><\/span>he company wasn\u2019t able to determine how many other employees inappropriately accessed private videos because Ring failed to implement basic measures to monitor and detect employees\u2019 video access. <\/span><\/span><\/span><\/p>\n

The FTC also said Ring failed to take any steps until January 2018 to adequately notify customers or obtain their consent for extensive human review of customers\u2019 private video recordings for various purposes, including training algorithms. Ring buried information in its Terms of Service and Privacy Policy, claiming it had a right to use recordings obtained in connection with its services for \u201cproduct improvement and development,\u201d according to the complaint. <\/span><\/span><\/span><\/p>\n

Security failures<\/span><\/span><\/span><\/h2>\n

According to the complaint, Ring also failed to implement standard security measures to protect consumers\u2019 information from two well-known online threats\u2014\u201ccredential stuffing\u201d and \u201cbrute force\u201d attacks\u2014despite warnings from employees, outside security researchers and media reports. Credential stuffing involves the use of credentials, such as usernames and passwords, obtained from a consumer\u2019s breached account to gain access to a consumer\u2019s other accounts. In a brute force attack, a bad actor uses an automated process of password guessing\u2014for example, by cycling through breached credentials or entering well-known passwords\u2014hundreds or thousands of times to gain access to an account.<\/span><\/span><\/span><\/p>\n

Despite experiencing multiple credential-stuffing attacks in 2017 and 2018, Ring failed, according to the complaint, to implement common tactics\u2014such as multifactor authentication\u2014until 2019. Even then, Ring\u2019s sloppy implementation of the additional security measures hampered their effectiveness, the FTC said. <\/span><\/span><\/span><\/p>\n

As a result, hackers continued to exploit account vulnerabilities to access stored videos, live video streams, and account profiles of approximately 55,000 U.S. customers, according to the complaint. Bad actors not only viewed some customers\u2019 videos but also used Ring cameras\u2019 two-way functionality to harass, threaten, and insult consumers\u2014including elderly individuals and children\u2014whose rooms were monitored by Ring cameras, and to change important device settings, the FTC said. For example, hackers taunted several children with racist slurs, sexually propositioned individuals, and threatened a family with physical harm if they didn\u2019t pay a ransom.<\/span><\/span><\/span><\/p>\n

In addition to the mandated privacy and security program, the proposed order requires Ring to pay $5.8 million, which will be used for consumer refunds. The company also will be required to delete any customer videos and face embeddings, data collected from an individual\u2019s face, that it obtained prior to 2018, and delete any work products it derived from these videos. The proposed order also will require Ring to alert the FTC about incidents of unauthorized access or exposure of its customers\u2019 videos and to notify consumers about the FTC\u2019s action.<\/span><\/span><\/span><\/span><\/p>\n

The Commission voted 3-0 to authorize the staff to file the complaint and stipulated final order. The FTC filed the complaint and final order <\/b>in the U.S. District Court for the District of the District of Columbia.<\/span><\/span><\/span><\/p>\n

NOTE: <\/span><\/b>The Commission files a complaint when it has \u201creason to believe\u201d that the named defendants are violating or are about to violate the law and it appears to the Commission that a proceeding is in the public interest. Stipulated final orders have the force of law when approved and signed by the District Court judge.<\/span><\/span><\/span><\/p>\n

The lead staff attorneys on this matter are Elisa Jillson, Andy Hasty, and Julia Horwitz <\/span>from the FTC\u2019s Bureau of Consumer Protection.<\/span><\/span><\/span><\/p>\n<\/div>\n

Official news published at https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2023\/05\/ftc-says-ring-employees-illegally-surveilled-customers-failed-stop-hackers-taking-control-users <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The Federal Trade Commission charged home security camera company Ring with compromising its customers\u2019 privacy by allowing any employee or contractor to access consumers\u2019 private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers\u2019 accounts, cameras, and videos. Under a proposed order, which must be approved […]<\/p>\n","protected":false},"author":1,"featured_media":40435,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[373],"tags":[],"class_list":{"0":"post-40434","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-finance"},"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t