On the same day that a Mississippi family is suing Amazon [1]-owned smart camera maker Ring [2] for not doing enough to prevent hackers from spying on their kids[3], the company has rolled out its previously announced “control center,” which it hopes will make you forget about its verifiably “awful” security practices[4].
In a blog post[5] out Thursday, Ring said the new “control center,”[6] “empowers” customers to manage their security and privacy settings.
Ring users can check to see if they’ve enabled two-factor authentication, add and remove users from the account, see which third-party services can access their Ring cameras and opt-out of allowing police to access their video recordings without the user’s consent.
But dig deeper and Ring’s latest changes still do practically nothing to change some of its most basic, yet highly criticized security practices.
Questions were raised over these practices months ago after hackers were caught breaking into Ring cameras[7] and remotely watching and speaking to small children. The hackers were using previously compromised email addresses and passwords — a technique known as credential stuffing — to break into the accounts. Some of those credentials, many of which were simple and easy to guess, were later published[8] on the dark web.
Yet, Ring still has not done anything to mitigate this most basic security problem.
TechCrunch ran several passwords through Ring’s sign-up page and found we could enter any easy to guess password, like “12345678” and “password” — which have consistently ranked as some of the most common passwords[9] for several years running.
To combat the problem, Ring said at...