Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Courts Privacy Security Technology

Amazon, Ring Face Class-Action Lawsuit Over Alleged Security Camera Hacks 35

Alabama resident John Orange has filed a class-action lawsuit accusing Amazon and Ring of failing to do enough to secure their security systems against hacks, including Orange's. Engadget reports: He alleged that a stranger compromised his Ring outdoor camera and spooked his kids as a "direct and proximate" result of the company's inability to protect its devices "against cyber-attack." He pointed to other incidents to support the argument for a class action, including a highly publicized event in December where a remote intruder harassed a Mississippi girl.

Orange also claimed that Ring's response was evidence of the company blaming customers. It told Orange that there was "no evidence" someone had hacked the firm's infrastructure, and that his incident may be the result of a breach at a "non-Ring service" where the perpetrators reused info to sign into Ring accounts. In other words, Ring couldn't help it if people reused passwords with sites and services it can't control. The suit formally levels accusations of breach of contract, invasion of privacy, negligence, unjust enrichment and violating California's Unfair Competition Law (through misleading representations of security). If it achieves class action status, it would ask Amazon and Ring to compensate victims and implement "improved security procedures and measures."
This discussion has been archived. No new comments can be posted.

Amazon, Ring Face Class-Action Lawsuit Over Alleged Security Camera Hacks

Comments Filter:
  • They could have simply thrown Amazon a few peanut$, or say they are affiliated with law enforcement, or probably somethingsomethingADSsomethingsomething, and they would have gotten all the keys to the kingdom.

    What a bunch of ... hacks.

  • "Hey Alexa, can you take a peek at my Ring"

    Amazon has gone deep into space ... we can tell because Uranus has rings too.
  • by andydread ( 758754 ) on Friday December 27, 2019 @08:12PM (#59563592)
    if you re-use the same credentials then you should be hacked. You can't blame service providers because you are a lazy moron and use the same credentials.
    • The fact is, good majority of the public are "lazy morons" by your definition. Amazon certainly knows that, and they should have taken appropriate steps to mitigate the issue. Just letting millions of "lazy morons" go ahead and pick stupid passwords obviously isn't good enough.

      Even if Amazon's lawyers manage to deflect liability on this, it's going to be an endless stream of bad publicity until it gets fixed.

      • "There is more stupidity than hydrogen in the universe, and it has a longer shelf life" - Frank Zappa
  • Monetary award (Score:2, Interesting)

    by rtkluttz ( 244325 )

    Please, for the love of God, make the monetary award so great that SAAS and hosted cloud services, especially for IoT goes away completely because the risk is too great.

    • by guruevi ( 827432 )

      Yeah because nobody could ever need low cost, maintained services. This lawsuit needs to be stomped deep into the ground, people need to learn about proper password security.

      • by q_e_t ( 5104099 )
        No, what is needed is good design that takes into account unhelpful customer behaviour and steers them to do sensible things as far as it is reasonable to do so. SaaS, etc., very much have their place and I agree with your implication there.
  • I'll be surprised if it's granted class action, chances are the EULA says arbitration, and that's binding (for now anyway).

  • It's not rings fault if users are morons. Knocking on ring seems to be the new in thing. Surprised someone is trying to cash in on it?

    • by dcw3 ( 649211 )

      It is Rings fault when they clearly know that a large portion of the public (their consumers) are going to do this, and be put at risk because they were too lazy to take a few simple steps to prevent it.

      • If the consumer doesn't read the instructions or follows directions TOO BAD. It's THEIR OWN FAULT. Is it Remington's fault if you buy one of their guns, aim it at your face and pull the trigger?
        • by dcw3 ( 649211 )

          False equivalence.

          People buy products every day w/o reading the instructions. And many Ring owners don't even do their own installations. Comparing these to guns is stupid, as is your caps lock. Take a breath and come up with a logical answer.

      • It is Rings fault when they clearly know that a large portion of the public (their consumers) are going to do this, and be put at risk because they were too lazy to take a few simple steps to prevent it.

        I can't think of any consumer-level service outside of some banking that MANDATES 2FA. How is it Ring's fault that their users don't avail themselves of the security measures that are available? Is Ring to be punished because they're telling the users that its their fault...because it IS their fault?
        (My Nest account has a uniquecomplex password and 2FA.)

    • by q_e_t ( 5104099 )
      It's Ring's fault if it doesn't assume that a significant proportion of its users haven't studied computer security, don't understand the requirements, and haven't read the 50 page EULA. The design of the product should be that the default actions are safe and an advanced user can go and screw it up if they want. This is pretty much how most other products work - e.g. you don't have your vacuum cleaner delivered with bare wires where the socket should be for you to attempt to wire up in some way or have you
  • ... because Ring will just share its install instructions that consumers ignore at their own peril.

  • A sticker inside the box:
    Random 20 character user name.
    A random 20 character password.
    Secure out of the box. Keep the sticker safe...
    • A sticker inside the box:

      Random 20 character user name.

      A random 20 character password.

      Secure out of the box. Keep the sticker safe...

      It's so secure it would never get used. Security vs usability is a series of tradeoffs. Your suggestion is too extreme.

      • Comment removed based on user account deletion
        • by AHuxley ( 892839 )
          The device would ship with a unique and long paw/username...
          The user can change as they want later.
          The setup would be a long unqiue username/ unique pw for that user.
      • by AHuxley ( 892839 )
        Re "would never get used"...
        The long and unique user name/password would be set in the factory so it would be "used" by default as shipped.
        If the user then wanted to change, reset they could.
        The "would never get used" would be used as that is what the service powered on with ...
        Just like an ISP, some commoner brand products and service can do and are doing...
        A strong an unique pw/users named shipped per device ...
  • I don't see the lawsuit going anywhere. Ring was never hacked. Idiot users used the same username/password from some other company's product, which was hacked. That's not Ring's fault and this is simply wallet-shopping to find the biggest payout. The suit should be dismissed with prejudice.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...