It took Amazon some time to live up to its promise to ramp up the security of the Ring camera, but finally, end-to-end encryption for the video feed on the app is now rolling out to eligible devices. Ring was already encrypting the videos that were uploaded from the devices to Amazon’s cloud, so the addition concerns the mobile devices used to access the feed from the cameras.
This is practically important because unauthorized users or people who have managed to access the Ring cameras somehow will still not get a usable feed.
The key to unlocking this video feed will only be provided to the enrolled user and mobile device, so only the actual customer and owner of the Ring device will be able to view the recordings or the live video feed. From a security perspective, this hits the nail on the head, as hackers accessing other people’s Ring cameras was precisely the problem that plagued the product series.
To enable the new feature, one has to update their Ring camera companion app on their smartphones, go to the Control Center, and enable the feature. Unfortunately, for now, Amazon has chosen to keep this new feature disabled by default.
Also, the feature will continue to roll out over the coming months, so you may not see it immediately in your app’s settings. According to the released whitepaper, the mobile OS platforms that are going to receive these features are iOS 12.0 and above and Android 8.0 and above.
As for the Ring devices that are eligible for the new E2EE features, these include the following:
Some popular Doorbell products released as recently as 2020 are not included, which is a shame, but we may see them being added later.
For those interested in the encryption itself, Amazon says they’re using a 10-word minimum passphrase generated by randomly selecting words from a dictionary containing 7,776 words. This achieves a minimum entropy of 128 bits, generating about 13 nonillion different phrases. Also, the implementation will include anti-brute-forcing measures like not retaining the passphrase after local creation and limiting the number of passphrase attempts.