Here is an article where you can read more: https://foundation.mozilla.org/en/blog/mozilla-publishes-ring-doorbell-vulnerability-following-amazons-apathy/

Quoted a portion:

(SAN FRANCISCO, CA | TUESDAY, JUNE 6, 2023) – Today, Mozilla is publicizing a security vulnerability in Amazon’s Ring Wireless Video Doorbell. Mozilla shared the vulnerability with Amazon over 90 days ago, but Amazon has yet to address the issue. Now, per industry standards, Mozilla is sharing its findings publicly to alert Ring Doorbell users and to further pressure Amazon to take action.

Following a penetration test of the Ring Doorbell conducted in October-November 2022, Mozilla and collaborator Cure53 determined that the device is vulnerable to Wi-Fi deauthentication attacks. Bad actors can leverage these weaknesses to disconnect the device from the internet using easily-accessible tools.

As a result, those bad actors could take the doorbell offline and then have their activities go unrecorded — undermining the product’s core purpose. Even after the doorbell is reconnected to the internet, a user will receive no alert about the attack.

Mozilla’s disclosure comes just days after Ring’s $5.8 million settlement with the Federal Trade Commission (FTC) over other serious privacy and security issues. The FTC found that “Ring’s poor privacy and lax security let employees spy on customers through their cameras, including those in their bedrooms or bathrooms, and made customers’ videos, including videos of kids, vulnerable to online attackers.”

  • phoneymouse@lemmy.world
    1 year ago

    Sign a petition? How about not use Amazon smart home products.

    It’s like signing a petition to ask McDonald’s to use real ingredients in their food. Why bother, don’t eat it.

    I have a hundred other real problems.

    • Otter@lemmy.caOP
      1 year ago

      I do both

      There are a lot of things that don’t affect me directly, but I might vote/sign a petition for it. Even if it doesn’t actually work out in my favor, more people see it and learn about the issue.

      If there’s a petition going around or news about the number of people that signed, and someone was already on the fence, it might act as the straw that gets people to dump Amazon smart home products.


      There’s also the case where these devices are collecting data on you even if you don’t own one. What if you go to a friend’s place, or a friend is talking about something you’re working on, or even if you walk by a house that has a smart doorbell?

      Not saying everyone NEEDS to do this, because you need to have the time and mental energy to deal with it. Just saying that there’s still value in doing so even if you don’t use the products yourself.

  • daftwerder@lemm.ee
    1 year ago

    it really sucks to have to walk past these cameras… no consent needed apparently but the privacy implications are huge

    • ShunkW@lemmy.world
      1 year ago

      You’re generally in a public place. At least in the US, you have no expectation of privacy in public. Anyone can record you without your consent

      • Otter@lemmy.caOP
        1 year ago

        While that might be true, I think some of these expectations and understandings are based on a world that no longer exists.

        In the past, you could only be seen by the few people around you. Even when recorded, there was a limited number of people that could see the video. Now some influencer can run up to you and share your reaction with a few hundred million people. On the side of data collection, companies have so much more aggregate data that they can use and abuse. With newer algorithms to analyze that data, they can keep pumping more and more data into it to figure out intimate details about who you are and how you feel about things.

        So yea that might be how our laws and social norms are set up now, but we don’t have to stick to it if it doesn’t make sense anymore.

        • body_by_make@lemmy.dbzer0.com
          1 year ago

          How long in the past are you talking? Ring cameras are basically just cheap CCTV cameras which have been around for an incredibly long time. You’re complaining you can’t walk in front of people’s houses without being recorded I guess, but how long have you been complaining about not being able to walk past your gas station or Walmart?

          It’s a larger scale, but honestly private property deserves the protection more.

          Amazon sucks though, ubiquiti is where it’s at.

          ETA: I know you’re not the person who originally posted this complaint, but since you’re defending their point then I assume you also agree with it.

  • GreatAlbatross@feddit.uk
    1 year ago

    Is there a fix for de-auth nowadays?

    I haven’t looked at it for years, but didn’t it use to be that devices would listen for a de-auth from any source, meaning that a bad actor could poison any wlan in range?

    From my understanding, that’s how hotels did it to encourage paying for wifi: If Joe starts a hotspot called JoePhone, their systems would automatically start spamming de-auth for JoePhone.

    Unless it got fixed in a 2.4/5GHz revision?

    • Danny M@lemmy.escapebigtech.info
      1 year ago

      deauth attacks are still a thing, however this is changing with wpa3.

      If your router has a setting called “Protected Management Frames” you should enable it ASAP, it’s basically encrypted and signed communication for every packet of data, so that your computer basically refuses to trust any deauth signal that doesn’t actually originate from the router (massively simplifying here).

      • terminhell@lemmy.dbzer0.com
        1 year ago

        Just double checked mine. Abbreviated as PMF, and it’s a toggle to turn OFF. Also have been using wpa3 for a while now.
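Whether an access point advertises Protected Management Frames, the setting discussed in the comments above, can be read from the RSN element in its beacons. The following is an added example, not part of any commenter's post; the function names and the three beacon byte strings are constructed for illustration.

```python
import struct

# RSN Capabilities bits from the IEEE 802.11 RSN element.
MFPR = 0x0040  # Management Frame Protection Required
MFPC = 0x0080  # Management Frame Protection Capable
IEEE_OUI = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE"}

def _suite_list(body, off):
    """Read a 2-byte little-endian count, then that many 4-byte suite selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated RSN element")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list overruns RSN element")
    return [body[i:i + 4] for i in range(off + 2, end, 4)], end

def pmf_status(rsn_ie):
    """Classify PMF from a raw RSN element (tag 48), 2-byte header included."""
    if len(rsn_ie) < 2 or rsn_ie[0] != 48 or rsn_ie[1] != len(rsn_ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = rsn_ie[2:]
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    _, off = _suite_list(body, 6)       # pairwise ciphers follow version + group cipher
    akms, off = _suite_list(body, off)  # authentication and key management suites
    # The capabilities field is optional; its absence means no PMF bits are set.
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    names = [AKM_NAMES.get(s[3], f"type {s[3]}") if s[:3] == IEEE_OUI else "vendor"
             for s in akms]
    mode = "required" if caps & MFPR else "optional" if caps & MFPC else "disabled"
    return {"pmf": mode, "akms": names}

# Constructed sample elements (not captured from any real network).
WPA2_NO_PMF = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
WPA3_SAE = bytes.fromhex("30140100000fac040100000fac040100000fac08c000")
TRANSITION = bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000")
```

A network reported as "disabled" or "optional" still accepts clients that do not protect management frames, so a device joining it without PMF remains exposed to forged deauthentication frames.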

  • Chemical Wonka@discuss.tchncs.de
    1 year ago

    But they were purposely made this way precisely to spy on users and create a system of mass espionage in addition to profits.

    • pdxfed@lemmy.world
      1 year ago

      The last 10 years:

      Quick, race to install cameras, voice recorders and locks connected to the Internet made by companies who have demonstrated no higher purpose than to sell your data and certainly couldn’t give two fucks what is stolen.

      /Surprised Pikachu

      • DeathsEmbrace@lemmy.world
        1 year ago

        Almost like we forget Alexa, Google, Microsoft and any other company are not your friends and if it’s free it’s because you’re the product they’re selling.

    • bbbbb@lemmy.world
      1 year ago

      Ring and Blink are designed differently and run different hardware. However, I would guess that some Blink devices have the same issue. I might be wrong but I think all 2.4 GHz Wi-Fi is vulnerable to deauth

  • Doctor xNo@r.nf
    1 year ago

    Oh no! There’s a cheap version of a tech out there that has bugs and/or cut corners at the cost of security!? 😱 What do we do now!?

    I suggest we turn off the internet until it’s safe again!

    🙄😅

    • Salvo@aussie.zone
      1 year ago

      The problem is that it becomes a race to the bottom. People who buy Rings and Echos and Fire Sticks and Google Homes and Android Phones either don’t care about their privacy, don’t know about their privacy or can’t afford privacy.

      Then other brands try to compete with these products and it is a race to the bottom.

      Privacy is a luxury, but even then, sometimes manufacturers will create a false luxury brand but still exploit customer data. Just look at the list of car manufacturers who were recently called out by Mozilla. Just look at Google Pixels vs iPhones.

      • Engywuck@lemm.ee
        1 year ago

        I buy Android phones exactly because I can unlock them and get rid of all Google crap. Try de-Appleing an iPhone, instead…

        • Salvo@aussie.zone
          1 year ago

          Not everyone has that luxury, even those who are technically capable of removing it.

          I don’t want to get into an Apple/Google / Know-Your-Product debate, but how do you know you removed all the Google Crap?

          Your only way of knowing what is on your phone is if you start from scratch with something like Ubuntu Touch and compile from source; even then, how do you know the manufacturer doesn’t have an embedded “phone home” chip?

          At some point you have to decide whether to avoid Crapware completely or go with just the crapware from someone you can trust.

          • Engywuck@lemm.ee
            1 year ago
            1. one can learn
            2. I can monitor DNS queries from my own adblocker DNS server and all my DNS queries are forced through it. All other DNS servers including DoT, DoH are blocked/redirected.
            3. See 2)
            4. A good start is to buy stuff you know you (almost) completely own. Thus, non-iStuff
            • Salvo@aussie.zone
              1 year ago

              Analogies are always terrible but here are some analogies for the options you are offering.

              Most people live in cities and suburbs. Downtown and Suburbia are the safe places, heavily policed and everyone is expected to conform. There are also other parts of Cities that are not heavily policed by government enforcement; they are policed by Organised crime.

              Then there are people who live in the country. Some are Farmers or other Primary Industry workers, some are Moneyed individuals who own hobby farms or ranches, some live in Cultural Communes or Religious Retreats/Compounds.

              The Apple Ecosystem is for the city dwellers in comfortable environments. They won’t mind certain restrictions because they know that they benefit from the security of those restrictions. Google Pixels also fall into this community, but only because there is always that weird person at the dinner party who is a little bit different, but they are still safe to be around.

              The Aftermarket Android market is that part of town that your parents told you to stay away from. You can go there if you like, you might even have a good time taking drugs or spending time with sex workers, but you run the risk of getting a horrible VD or bad fit cut with drain cleaner. Even if you are street-smart, there may be someone who is smarter than you who can get past your defences.

              Out in the country, people aren’t as reliant on technology, they are too busy doing “real work”. They have a phone that makes phone calls (when they have reception), take photos and send text messages. These people have Dumb Phones.

              In communes and religious communities that are very insular, there is usually one person (or group of people) in charge that dictates what everyone does. They can usually spend the time to tweak their systems to best suit their community members, while their community members are busy growing food, repairing shelters and doing the menial work it takes to make a small community successful. These are the Linux-on-Phone users.

              I would love to be a Linux-on-Phone user, but since I work 8-5 every day, and if I want a management role, I would need to continue working from home after hours, I use an iPhone and UniFi home network. I’m not stupid enough to use an ISP supplied router, I don’t even have time to roll-my-own-Linux or BSD-based network using something like pfSense.

      • Doctor xNo@r.nf
        1 year ago

        I get that, but has it not always been like this? We’ve been badly and dangerously copying stuff since we as humans started to invent things. I’m amazed even that nobody blew their head off or went blind yet from some cheaply copied VR headset, but I might still be cheering too soon…

        I know it’s not a good thing, but it always existed cause it provides a way for lower incomes to gain a bit more equality by at least getting to experience the functionality of an otherwise too expensive product that was carefully certified for safety…

        So it just seems weird to me to suddenly remark something that has always been there, unrelated to my opinion about it… 😅