Ring’s Neighbors app is still suffering from privacy shortcomings almost three years later. TechCrunch has learned a bug in the Amazon-owned neighborhood watch tool exposed precise locations and home addresses for anyone posting in the software. The app was pulling hidden positional data from Ring’s servers. While users wouldn’t see the info, an attacker could combine that info with unique post numbers to help interpret locations.
Ring spokesperson Yassi Shahmiri said the company had fixed the issue once it became aware, and it had “not identified any evidence” of malicious access.
Even so, word of the flaw doesn’t exactly help Ring’s image. Gizmodo discovered a Neighbors flaw in 2020 that let it map Ring users. The company is also grappling with a class-action lawsuit for allegedly failing to stop security camera hacks, and has drawn criticism for its eagerness to share data with police. Ring promised to improve security last year and took important steps like requiring two-factor authentication and offering end-to-end video encryption, but it clearly still has some work left before it can reassure users that its apps and devices are trustworthy.