Amazon Ring exposed wifi passwords; let’s talk ethics

Knock knock!

Who’s there?

WiFi.

WiFi who?

Why Fi…ght external regulation, if you won’t implement higher standards on your end?

Amazon’s Ring smart doorbell/camera services left customers in the ding-dong ditch by letting hackers exploit a flaw that exposed homeowners’ WiFi passwords to neighborhood hackers up until September of this year. I thought putting a ring on things locked them down, but I guess that’s only for people…

Truth be told, I honestly didn’t think a wifi password in the wrong hands could do too much. I figured neighborhood freeloaders would drag my speed down playing some MMORPG on my network or get me slapped by pirating Disney stuff on my dime.

Apparently, what a serious hacker is MORE likely to do is use that connectivity to share a keystroke tracking program with my computer, then sell my passwords to whoever wants them.

Imagine someone in Cairo clogging up my precious Netflix queue with a bunch of romcoms. Eww.

In all seriousness, that’s a pretty big flaw in the Ring. It took Bucharest-based Bitdefender (a merry band of cybersecurity researchers) to point it out. Amazon’s tech ninjas jumped on it, and the issue’s been fixed for a couple of months as of time of writing. But all’s not quite well yet.

The burning questions on my mind are: Who was supposed to catch it first? And why weren’t people told before the fix?

If you’re in the tech industry, know this, and know it well: John Q Public is not your beta tester.

Releasing a product with something as small as a typo on the packaging is embarrassing enough, but when you leave yourself open to something like letting your customers be vulnerable to identity theft, your face gets considerably more eggy.

And, as usual, leaving doors like this opened doesn’t just make your company look bad, or let competitors get the edge on you.

Consistent lack of inner standards means you’re going to be up against outer standards you’ll like even less. Sure, you might think that govt. regulation is going the way of the dodo, but the tech industry and recently emancipated pork industry aren’t the same.

If you’ll pardon the generalization, the more someone leans towards less government oversight, it’s more likely that they’ll view technology as a necessary evil than anything. And that means tech industry slip ups will be the first to be monitored if internal quality control keeps deteriorating. People are getting wise to how much information their smart devices are tracking, and how vulnerable they can become when that information isn’t secured.

Amazon execs will be fine if things go to the courts. Your startup? Probably not as much.

Look, tech nerds have it going on. I really WANT to advocate for leaving you all alone and letting you do your thing, but the constant corner cutting on security testing makes that difficult. Leaving consumers in the dark until the fix is done, meaning no one even had the chance to take precautions like instituting password changes, is a huge no-no, and the fact that I even have to rant about it is alarming.

You know that cliche, ‘It’s not that you DID xyz, it’s that you LIED about it’? It goes for lying by omission as well. Consider this case the coal mine canary.

You are your own industry’s gatekeepers. Take the job seriously before the job gets taken. Seriously