The Mozilla Foundation has just publicly denounced that Amazon has not acted so far against the vulnerability found at the end of last year in the Ring Wireless Video Doorbell video doorbells, of which it was notified more than 90 days ago.

From Mozilla, in accordance with the “industry standards”, they try to put on notice the more than 10 million Americans who have this device in their homes, and society in general, since the users of this device continue to be affected for the vulnerability to Wi-Fi deauthentication attacks, thereby putting pressure on Amazon to take action once and for all.



The vulnerability renders the device useless for its intended purpose

As they explain, attackers can take advantage of the vulnerability to disconnect devices from the Internet through easily accessible tools, and thereby prevent their criminal activities from being recorded.

The complaint comes just days after Ring paid a $5.8 million fine to the FTC for other serious privacy and security issues.

And it is that the FTC came to discover that:

Poor privacy and lax Ring security allow employees to spy on customers through their cameras, including those in their rooms or bathrooms, and make customer videos, including videos of children, vulnerable to hackers. online attackers

Amazon and real responsibility before millions of users

Ashley Boyd, VP of Global Advocacy at Mozilla, believes that Amazon should guarantee “robust security” to the more than 10 million users who have Ring Doorbell, acting as quickly as possible on any vulnerability found.

And according to Misha Rykov, a Mozilla research associate, he further shares that:

Mozilla shared the Ring vulnerability, and its fixes, with Amazon, but they have not taken any action to fix it. That’s why Mozilla is talking. Consumers deserve to know the vulnerabilities of the products they use, especially those intended to protect their homes.

Mozilla explains that in their tests carried out together with Cure53 they have used tools that are publicly found online on the device itself, and that they have also carried out tests in other areas such as “encryption, security updates and passwords”, not finding notable vulnerabilities.

Some of the suggestions offered to Amazon with the notice

And about the vulnerability in question, he went so far as to share a series of suggestions to Amazon, including the use of Wi-Fi standards such as 802.11w and WPA334 (viable if the access point is also compatible), a fallback mechanism as a fallback, and even the implementation of a function that records the date and time of offline alerts and then notifies the user about them when the device can be connected again.

At this point, Amazon only has to share its point of view of the situation publicly in response to the public complaint from the Mozilla Foundation so that users and society in general have a more complete picture of what happened.

