A flaw in the Neighbors app, a social networking app owned by Amazon home security subsidiary Ring, has reportedly left users’ addresses and locations exposed.
First reported by Tech Crunch, a bug in the Ring Neighbors app made it possible to view the location of users posting on the app, who are usually anonymous.
The Ring Neighbors app, available in the US, allows users to share safety concerns with those in their local community within a five-mile radius. Users can share photos and video clips captured by their Ring doorbells. Through Ring’s partnerships with law enforcement agencies, police departments can post public bulletins and can request access to the “Neighbors Portal”.
Although location data was not visible to users of the app, the bug reportedly meant it was possible to access hidden data on users’ location and address.
A Ring spokesperson told Verdict:
“At Ring, we take customer privacy and security extremely seriously. We fixed this issue soon after we became aware of it. We have not identified any evidence of this information being accessed or used maliciously.”
Ring, which was acquired by Amazon in 2018, has faced criticism in the past for security issues and its partnerships with law enforcement agencies. Earlier this week, the company announced that it was introducing end-to-end encryption for several of its doorbells and cameras.
Jake Moore, cybersecurity specialist at ESET, said:
“Ring has been fraught with danger since the beginning, but it has not always been entirely their fault. Many apps come with an array of functions and users must learn how these operate in order to make the best possible use of them whilst weighing up the security options to learn what is best for them. Every IP address added to the home network brings an extra level of risk and therefore users must understand the added vulnerability and decide if it is worth it.”