Hackers Offered $10K+ Bounty to Disconnect Ring Doorbells from Amazon Cloud
A new bug bounty program is offering nearly $18,000 to individuals who can successfully modify Ring Video Doorbells to operate independently from Amazon’s cloud servers while maintaining full functionality. This initiative addresses ongoing privacy concerns regarding Ring’s data-handling practices and the absence of local storage options for users.
The bounty specifically targets Ring doorbell models released in 2021 or later, challenging participants to develop software or firmware modifications that enable local control. The total bounty pool currently stands at $17,924, funded by public donations and a matching fund.
Bounty Requirements:
– Local Integration: The modified Ring doorbell must connect directly to a local PC or server via Wi-Fi or a physical connection, ideally supporting integration with platforms like Home Assistant.
– No Cloud Dependency: The device must cease all data transmission to Amazon servers and operate without reliance on Amazon hardware.
– Feature Preservation: All on-device features, such as motion detection and color night vision, must remain fully functional.
– No Hardware Replacement: The modification should not involve replacing any hardware components of the doorbell.
– Accessible Tooling: The process must utilize readily available, low-cost tools.
– Clear Instructions: Comprehensive, step-by-step instructions should be provided, enabling a moderately technical user to complete the modification in under one hour.
– Model Eligibility: The solution must be applicable to at least one Ring model released in 2021 or later.
– Compliance: The modification must adhere to the general bounty terms set forth by the organizing entity.
The primary goal is to develop a solution that integrates the modified Ring doorbell directly with a local PC or server, eliminating the need for Amazon’s cloud infrastructure. This approach aims to provide users with greater control over their data and enhance privacy.
Privacy Concerns Prompt Bounty Initiative
The motivation behind this bounty stems from persistent privacy issues associated with Ring, a subsidiary of Amazon. In 2024, Ring agreed to a $5.6 million settlement following a Federal Trade Commission (FTC) complaint alleging that the company provided all employees with full access to customer videos. The FTC also claimed that Ring failed to patch known vulnerabilities, resulting in approximately 55,000 customer accounts being compromised.
More recently, Ring faced significant backlash over its proposed Search Party feature, which ultimately led the company to terminate its partnership with Flock. Currently, Ring doorbell owners cannot store their video feeds locally or prevent data from being sent to Amazon’s servers. This lack of control has raised concerns that the very devices intended to enhance home security might be compromising user privacy.
The bounty program seeks to empower users by providing a viable alternative for managing their Ring doorbell data. Interested hackers have until December 31, 2031, to submit a successful solution to [email protected]. If no viable modification is presented by the deadline, contributors will have the option to receive a refund or donate their contribution to the organizing entity.
