Tag Archive for: Ring

Finally! Ring Doorbells get End-to-End Encryption, but There’s a Big Catch

/in


Amazon’s Ring unit is moving ahead with plans to allow end-to-end encryption (E2EE). U.S. customers can turn it on now, with the feature rolling out to other countries any second now.

But there’s always a catch. You need to remember a huge random passphrase. And a lot of features will stop working—including the ability to resell your device on the used market.

Is it a dark pattern? If it walks and swims and quacks like one, then it probably is. In today’s SB Blogwatch, we’ve got a bad feeling about Ring.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Turning into random objects.

I’m Sorry, Dave; I’m Afraid I Can’t Do That

What’s the craic? Jay Peters reports—“Ring’s end-to-end encryption … available now”:

More secure
Ring’s end-to-end encryption for video streams is leaving technical preview, is now available to US users, and is currently rolling out globally. … The opt-in feature makes it so that your video streams can only be viewed by you on an enrolled iOS or Android device.

Ring first announced video end-to-end encryption in September 2020 and launched the technical preview in January. … If you use two-step authentication to provide extra security to your account, Ring now supports authenticator apps, which [is] more secure than SMS.

And Steven J. Vaughan-Nichols adds—“Amazon is finally delivering it”:

Use E2EE—I will be
Did you know that that handy video your Ring doorbell takes … isn’t private? … Not only are your videos kept in the Amazon Web Services (AWS) cloud, [but they’re] transmitted in the clear.

A sufficiently motivated hacker, or your local police force, can easily watch who’s walking by your door. Until now. … If you decide to install this optional privacy feature, you’ll need to install a new version of the Ring application on your smartphone. Once installed, it uses a Public Key Infrastructure (PKI) security system based on an RSA 2048-bit asymmetric account signing key pair.

You’ll also need to set a passphrase, which you must remember. … If you lose it, you’re out of luck. [But] if you value your privacy, and you still like the convenience…

Source…

Facebook Blocks PA-Connected Hacking Ring Targeting Journalists, Activists

/in


(The Media Line) In a report released Wednesday, Facebook detailed its actions against two hacker groups from the Palestinian territories that made use of the Facebook platform to spy on Palestinians.

According to the report, the first group targeted journalists, human rights activists and government opposition, among others, and used malware to access phones and computers for spying. This group is connected to the Palestinian Authority’s Preventive Security Service (PSS), an intelligence agency tasked with internal security.

The second group, named Arid Viper, directed its efforts at Fatah members, PA officials and members of security forces, hinting at a possible connection to Fatah-rival Hamas. This second group employed a variety of tactics, all aimed at accessing personal information on phones and computers.

A PSS spokesperson rejected these allegations, telling Reuters that “we respect the media, we work within the law that governs our work.”

Facebook took action against these groups by blocking their accounts, as well as internet domains connected to them. The company also notified the attackers’ targets as well as “industry partners.”

If the allegations are true, the attacks are in keeping with the PA’s suppression of dissidents and critics. Both the PA and Hamas have been harshly criticized by human rights organizations for their employment of suppressive measures. A 2020 report by Amnesty International said that both Hamas, which controls the Gaza Strip, and Fatah, the organization heading the PA, arrested dozens of protesters, opposition members, activists and journalists throughout the year.

The 2020 annual report of MADA, the Palestinian Center for Development and Media Freedoms, noted a decline in the number of attacks on journalists in the Palestinian territories. Yet the report attributes the smaller numbers to lockdown measures enforced because of COVID-19, which lowered the number of interactions between journalists and potential attackers. “The state of media freedoms in Palestine has not witnessed any real positive and tangible developments that would serve to move away from the path of practices and trends that prevailed during the preceding…

Source…

Facebook Blocked PA-Connected Hacking Ring Targeting Journalists, Activists

/in


Acting from the West Bank, the group – allegedly connected to Palestinian intelligence – used ‘low-sophistication malware’ to spy on its targets

In a report released Wednesday, Facebook detailed its actions against two hacker groups from the Palestinian territories that made use of the Facebook platform to spy on Palestinians.

According to the report, the first group targeted journalists, human rights activists and government opposition, among others, and used malware to access phones and computers for spying. This group is connected to the Palestinian Authority’s Preventive Security Service (PSS), an intelligence agency tasked with internal security.

The second group, named Arid Viper, directed its efforts at Fatah members, PA officials and members of security forces, hinting at a possible connection to Fatah-rival Hamas. This second group employed a variety of tactics, all aimed at accessing personal information on phones and computers.

A PSS spokesperson rejected these allegations, telling Reuters that “we respect the media, we work within the law that governs our work.”

Facebook took action against these groups by blocking their accounts, as well as internet domains connected to them. The company also notified the attackers’ targets as well as “industry partners.”

If the allegations are true, the attacks are in keeping with the PA’s suppression of dissidents and critics. Both the PA and Hamas have been harshly criticized by human rights organizations for their employment of suppressive measures. A 2020 report by Amnesty International said that both Hamas, which controls the Gaza Strip, and Fatah, the organization heading the PA, arrested dozens of protesters, opposition members, activists and journalists throughout the year.

The 2020 annual report of MADA, the Palestinian Center for Development and Media Freedoms, noted a decline in the number of attacks on journalists in the Palestinian territories. Yet the report attributes the smaller numbers to lockdown measures enforced because of COVID-19, which lowered the number of interactions between journalists and potential attackers. “The state of media freedoms in Palestine has not witnessed any real positive…

Source…

Ring Geofence Helps Conveniently Conform Your Security To Your Needs

/in


Amazon-owned Ring is now rolling out a new Geofence feature to help automate at least some of the features found in its app. As its branding implies, the Ring Geofence is a purely software-side change that sets up location-based boundaries. But those boundaries aren’t necessarily meant to manage the top-rated security products Ring sells. Instead, they’re meant to provide helpful tips, reminders, and automation of the app.

If Ring Geofence doesn’t automate Ring’s cameras and sensors, what does it do?

The best example of how Ring Geofence can be useful comes in the form of how Ring handles alerts and reminders. In effect, it automates them on a per-user basis.

The example provided by the company starts with setting up a Geofence. That’s a user-defined boundary around the home or business protected by Ring devices. The setting itself is found in the side menu of the Ring app — with the update now rolling for all users on all platforms. Once activated, users can customize the boundaries of Geofence to best suit their needs. The automation then occurs on the app side.

Once enabled, Geofence can send alerts based on whether the boundary has been crossed. For instance, it can remind users to switch their security system over to “Away” mode. In effect, reminding users to disarm or arm their system.

The system can also be set up to automatically snooze alarms when it senses that the boundary has been crossed. So users can walk up to their own front door without getting an alert from a Ring Video Doorbell that there’s somebody at the door. Ring snoozes that alert temporarily too, so the motion alerts are reactivated after users get inside.

Is Geofence safe to use, since it uses real-time location data?

While Geofence is based on real-time location data, used by the app, it doesn’t collect that data. The data is retained only for long enough to identify whether the user-defined boundaries have been crossed.

Perhaps as importantly, those settings and alerts are user-specific. So they only appear on the device they’ve been set on. They don’t duplicate on other signed-in devices or for Shared Users. So users’ location data should remain safely on-device, on a device-by-device basis.

Source…