Best answer: Yes, as far as we can determine, Ring products are safe — as in, the hardware is secure. However, as with any connected devices, users must understand how to take necessary security precautions with their login and password info to safeguard their valuable data and privacy.
- Stick 'em up!: Ring Stick Up Cam ($100 at Amazon)
Why Ring's safety is in question scandals abound
Are Ring products safe? It's an important and timely question, for sure. Although it's one of the most popular and prolific manufacturers of personal security devices, Ring is not the only player in this space by a long shot. Heavy hitters in home security also include Nest (Google), Arlo, eufy, and August, among others. Ring, however, has been hit particularly hard over the past year or so by a series of controversies and privacy scandals to the extent that none of its competitors truly have.
News about one of the biggest (and scariest) examples of Ring user data being leaked online broke late in 2019 when ne're-do-wells were able to "hack" into customers camera and audio feeds to spy on folks and generally wreak havoc in their personal lives.
Equally icky (though less public) was a report of Ring contractors and/or employees abusing their positions to access customer data and video feeds. Ring responded to the scandal by firing at least four employees and has limited what its existing employees and contractors are allowed to access for quality assurance research.
Ring also came under fire for cozying up to local law enforcement around the country to share video camera feeds to fight crimes like burglary and package stealing. While some have welcomed such a partnership, others are justifiably concerned with the level and extent of access police departments are afforded and how that has the potential to be abused. Let's not forget Ring's parent company Amazon's role in creating and selling facial recognition technology to government agencies.
There has also been a history of security flaws discovered in the system, including one that allowed hackers to access your Wi-Fi by pressing a button on the doorbell. There was another discovered in 2018 that allowed guests to log in to the system even after the password was changed.
All of this sounds bad, and it is, but the aforementioned hardware issues were fixed, and Ring is working on updating security flaws as they're found. So if that's true, how can you protect yourself and your personal video/audio data?
Security and social engineering 2FA FTW
In the above examples, Ring claimed that no customer information was directly lost by Ring itself. It said that users' emails and passwords had been accessed or leaked from other sites, and savvy hackers used this information to try to break into customers' Ring accounts. One reason this was somewhat successful was that humans are creatures of habit, and we often reuse passwords for multiple accounts and services. The hackers gambled that the credentials they accessed would work for other services like Ring, and in many cases, they were, unfortunately, correct.
One of the best ways for users to protect their accounts and data is to choose unique, strong passwords for each and every account, and whenever possible, to enable two-factor authentication (2FA). Enabling 2FA assures that even if someone can access your login and password information, they can't get to your data without that second authentication measure. We've published an article specifically on how to enable two-factor authentication on your Ring account, so be sure to read that before you get started.
It's also good practice to use a password manager such as 1Password, LastPass, or Dashlane to help you generate and store secure passwords, as well as to generate two-factor authentication codes. Regardless of how you generate and store your secure passwords, it's a good idea to use a password authenticator app like Google Authenticator, Authy, or 1Password rather than relying on SMS.
Ring came under additional scrutiny because it didn't emphasize (or force) new or existing account holders to follow these basic password protection policies, but it has started to correct course. Now, all new accounts are required to set up two-factor authentication when they first launch the app and connect their Ring device(s). Of course, existing Ring customers can enable two-factor authentication at any time.
Additionally, Ring announced a new Control Center feature at CES 2020. Similar to the Amazon Privacy Hub, the new Ring Control Center allows users to better control their device security by opting out of the aforementioned police partnerships, as well as controlling more privacy settings from the Ring app.
So, where does that leave us? I think we just need to remember how important it is to prioritize our digital security along with our physical security. Use strong, unique passwords. Store those in a secure place (like a password manager). Use two-factor authentication (and preferably not SMS/text message). Monitor your devices and accounts. And above all, use your head.