In letter to senators, Amazon’s Ring defends cybersecurity policies

After a series of security incidents involving products made by Amazon-owned Ring, the home security company is defending its practices.
ring camera
A Ring doorbell is pictured outside a home (Wikicommons).

After a series of security incidents involving products made by Amazon-owned Ring, the home security company is making the case to U.S. senators that its cybersecurity policies are robust.

In a letter to lawmakers this week, which CyberScoop obtained, Ring said it regularly does penetration testing and source code reviews of its products, and that it encrypts the video captured by its cameras.

“Like any rapidly growing company, we recognize that we must continually evolve and enhance our data and security practices to block efforts by bad actors,” Brian Huseman, Amazon’s vice president of public policy, wrote in the letter to five Senate Democrats.

The company said it now “proactively monitors” for customer credentials sucked up in third-party breaches, and recently began prompting users to set up two-factor authentication on their accounts to make it harder for hackers to compromise them.


The senators — Chris Coons of Connecticut; Ed Markey of Massachusetts; Gary Peters of Michigan; Chris Van Hollen of Maryland; and Ron Wyden of Oregon — had requested details on Ring’s security practices following reports of weaknesses in the company’s doorbell cameras.

Ring, like the makers of countless other internet-of-things devices, has to reckon with the tradeoffs of security and accessibility.

Last November, researchers from security company Bitdefender showed how a vulnerability in Ring’s internet-connected doorbells could be used to intercept a customer’s login credentials and then launch a larger attack on the network. Amazon issued a patch for the vulnerability.

Ring cameras have also drawn concerted interest from malicious hackers, who have created dedicated software for breaking into them, Vice reported last month.

In a statement, Wyden said he was encouraged by Ring’s move to two-factor authentication, but added that “there are millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers.”


“Amazon needs to go further – by protecting all Ring devices with two-factor authentication,” the Oregon senator continued. “It is also disturbing to learn that Ring’s encryption of user videos lags behind other companies, who ensure that only users have the encryption keys to access their data.”

Huseman also told the senators that Ring had fired four of its employees in the last four years for improperly accessing customers’ video data, highlighting the risks to privacy of home IoT devices.

You can read the full letter below.

[documentcloud url=”” responsive=true]

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts