Ring, the Amazon-owned friend to nosy police departments everywhere, has suffered another embarrassing security stumble. The surveillance company’s Neighbors app—which was launched in 2018 as a kind of “neighborhood watch” feature—apparently left users exact geographical data and home address information exposed to the internet.
Neighbors is Ring’s online forum where users can share public safety information about what’s going on in their communities. It’s basically a more dystopian version of Nextdoor. Posts on Neighbors are public but supposedly anonymous, with a poster’s full name and location obscured. Yet, due to the recently discovered security bug, a savvy web explorer would’ve been able to access information about the home addresses, as well as the exact latitude and longitude, of a poster’s location, TechCrunch reports.
Similarly, every time a user posted on Neighbors, Ring servers generated a unique number for the post. These numbers increased incrementally with each post, making it easy to tie the identifying number to other information about the poster, including geographical data, according to TechCrunch. All of this was invisible to the app user, however.
I still don’t understand the use case for Ring. “I’m not here, leave the package” – right, I’ll just break in now then!