Amazon starts rolling out Ring end-to-end encryption globally

Amazon-owned Ring has announced starting the worldwide roll out of video End-to-End Encryption (E2EE) to customers with compatible devices.

Ring first announced the release of E2EE in technical preview for US customers on January 13, 2021.

“Today, we’re proud to announce that we’re moving it out of technical preview and expanding the feature’s availability to customers around the world,” Ring said.

“By default, Ring already encrypts customer videos when they are uploaded to the cloud (in transit) and stored on Ring’s servers (at rest).

“Now, customers around the world, with eligible Ring devices, can opt into video End-to-End Encryption, to add an extra layer of security that only allows their videos to be viewed on their chosen mobile device.”

Once E2EE is set up via the Ring app, only the users’ enrolled mobile devices have the key needed to unlock the customers’ videos, preventing unauthorized access and ensuring that no one else—not even Ring or Amazon—can view them.

The company provides a list of Ring cameras and video doorbells with support for the just rolled out Video E2EE (battery-powered doorbells and cameras are not compatible with E2EE.)

Setting up Ring video E2EE requires:

• iPhone iOS 12+ or Android 8+ (Oreo).
• Video E2EE works with Ring app versions 5.34.0 and higher and Android 3.34.0 and higher.
• The latest version of the Ring app is installed.

More information on Ring’s End-to-End Encryption is available in Ring’s whitepaper published earlier today (an executive summary and FAQ are available here.)

The company also provides the step-by-step instructions needed to set up or turn off video E2EE on eligible Ring devices.

“We designed E2EE so that users can enable this encryption feature at any time and control who can view their videos while still being able to use core functionality, such as video streaming,” Ring added.

“Even if a user disables E2EE, the videos that were encrypted while it was enabled will stay encrypted.”

Starting today, Ring also added support for using authenticator apps to sign accounts where two-factor authentication (2FA) is enabled and began rolling out CAPTCHA in the Ring app to block threat actors’ automated login attempts.

Customers will also be able to transfer ownership of devices after selling without reaching out to Customer Support via a soon-to-be-launched automated self-service process.

Last year, Ring rolled-out mandatory 2FA to all user accounts to prevent attackers from gaining access to customers’ Ring accounts, even if they have the user credentials.

The change came after threat actors terrified homeowners and their children by taunting them over Ring devices’ speakers following a series of hacks targeting Ring cameras.