Ukrainian developers have been given access to files from all Ring camcorders in the world.
Ring Miniature Camera The Intercept
Edition has learned about a major failure of the manufacturer of security cameras Ring (owned by Amazon). It turns out that this company provided its developers in Kiev with full access to a folder on Amazon S3, where footage from all devices is stored. Moreover, the video data at that time was not encrypted, and the developers were also given a database that relates user names and video files.
Ring is positioning its line of miniature video cameras for installation as door bells, in garages, on bookshelves, etc. They are positioned not only as a tracking device, but also as decorative elements. These cameras allow you to monitor the house in your absence, help the police to find intruders in the event of hacking and theft. At least in the US at the moment, Ring cameras are quite popular, writes The Intercept . In the category of "smart doorbell" Ring is called the best device on the market .
Despite their mission to ensure the safety of people and property, informed sources say that this information leakage is a normal matter in the practice of Ring, which has never made any special efforts to protect private information of customers.
The source said that the Ukrainian development team has received unlimited access to video content in the Amazon S3 cloud storage since 2016. It contained all the videos created by each Ring camera around the world. This is a huge list of private files that are easy to view. To download a file of any user, just a couple of clicks is enough.
Ring company opened a development office in Kiev at the end of 2016. As recently wrote edition of The Information Part , this division is engaged in the application of machine learning for objects recognition and motion detection to increase the safety of Ring System.
The source said that Ring deliberately refused to encrypt content. Management considered these to be unnecessary expenses and “lost income opportunities”.
Obviously, developers need access to a large amount of real video to teach neural networks. Of course, Ukrainian programmers who are working on computer vision tasks are completely uninteresting in doing surveillance. Unless they can share with each other some funny or intimate moments that they notice in the video, as the NSA staff do, also having access to the private content of users (see. "NSA employees also have fun at work" ). But here there are two serious problems:
- Insider Access. Employees can sell "left" information to interested parties.
- Breaking the network. To access a specific American’s home video, you don’t need to break down Amazon’s servers, it’s enough to get into the network of the Kiev branch of Ring, which is obviously simpler.
The source says that the help of Ukrainian specialists had to be resorted to due to the weakness of the Ring’s own machine vision system. Software Ring for many years trying to master the basics of object recognition, but to no avail. According to the latest news report, “users regularly complained to the help desk for alerts when nothing remarkable happened at the front door; instead, the system seemed to detect a car driving down a street, or a leaf falling from a tree in the yard. ”
That is, the motion recognition system did not work as intellectually as it should work. In fact, the recognition of movements is not as easy as it seems. Machine vision has achieved incredible success in recent years, but creating software that can classify objects from scratch is often a costly and time consuming process. Therefore, they attracted the Ukrainian “data operators”, who manually marked the objects on videos for training the neural network. It seems that this marking process has been going on for the third year. According to LinkedIn, Kiev's Ring Labs (Ring Ukraine) still publishes job listings for data operators: “You should be able to recognize and correctly tag all moving objects in a video with high accuracy,” says one of the vacancies.. “Be prepared for quick changes in tasks as well as for long-term monotonous work.”