Owners of Ring security cameras have reason to feel violated according to a new report. While most thought that the cameras were able to detect what was going on inside and around their homes using automated computer vision technologies, there may have been an entire team of humans watching the footage as well. An unnamed source claims that starting in 2016 Ring gave a team of research and development personnel access to a folder on the Amazon S3 cloud service. This move granted them complete and unfettered access to every video created by every Ring camera in the entire world (that includes indoor cameras for the home like the Stick Up Cam as well as exterior doorbell and security camera like the Ring SpotCam).
That means any footage from inside the users home, outside the users home, of anyone and everything the Ring cameras saw was easily viewable and sharable by the team with nothing but a click. Just imagine some of the highly sensitive and personal moments that happen each day inside homes around the world that Ring cameras would view that this team had access to. The source, who talked with The Intercept, claims that when the Ukrainian team was granted access to the video files, the files were unencrypted.
To make matters worse, the source claims that the Ukraine team was also granted access to a corresponding database that linked each of those video files to a specific Ring customer. Not only could the team access the videos of people in and around their own homes, but the team also knew precisely who the Ring customers were. The source also claims that Ring unnecessarily gave engineers and executives in the U.S. access to the technical support video portal the company operated, which gave those people unfiltered, around the clock access to live video feeds from some customer cameras with no regard to whether the Ring employees needed access to that data for their job.
The only thing needed to view the video feeds of these Ring users was the user email address. The unnamed source was specific in that they never personally witnessed abuses of this access, but did offer up a chilling scenario. The source said, "if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras." The source did claim that Ring engineers were known to tease each other about who they brought home after dates. The engineers knew they were being watched via their Ring cameras, but it's doubtful that the people they brought home did.
As for why the Ukraine team was granted access to the video files, it had to do partly with weakness of the in-house facial and object recognition software that Ring used. The Ukrainian team manually tagged and labeled objects in a given video as a training process to teach the software to recognize objects on its own. This process is reportedly still utilized to this day.