What Video Doorbells Have to Teach Us About the Difficulties of IoT Security
The Amazon-owned smart home product manufacturer Ring recently announced that it’s strengthening the security of its Internet of Things (IoT) motion-detecting doorbell cameras by offering end-to-end encryption (E2EE) for streaming video footage. There’s a catch, though. Users who opt to turn on E2EE will find that they need to make major tradeoffs. Convenience and usefulness drop if they want to enjoy the privacy benefits of E2EE. That highlights one of the problems with IoT security — balancing privacy with the device’s purpose.
That tradeoff is familiar for the people tasked with protecting IoT environments, especially in industrial settings. Today, manufacturers gather new data streams (such as audio and video content) on the factory floor. They can also insert new control tools (such as voice control and wireless headsets) into processes. As they do so, they need to keep this data close at hand for processing. But it must also be kept safe.
Ring Doorbell Highlights IoT Risks
Ring has a long history of IoT security and privacy issues. In some of those incidents, threat actors used the camera’s two-way talk function to harass customers. In the best-known of these incidents, a widely-shared video shows a faceless man taunting an eight-year-old girl from the Ring security camera that her family had installed in her bedroom.