$10,000+ Bounty Offered to Hackers Who Can Disconnect Ring Video Doorbells from Amazon Cloud
A newly launched bug bounty program is offering nearly $18,000 to anyone who can successfully disconnect Ring Video Doorbells from Amazon’s cloud servers while keeping the devices fully functional. This initiative aims to address ongoing privacy concerns about Ring’s data-handling practices and the lack of local storage options for users.
The bounty targets Ring doorbells released in 2021 or later, challenging hackers to create a software or firmware modification that allows for local control. The total bounty pot currently stands at $17,924, funded by public donations and a matching fund.
The goal is to develop a solution that integrates the modified Ring doorbell directly with a local PC or server via Wi-Fi or a physical connection. This modification must completely sever the device’s connection to Amazon servers and eliminate the need for Amazon hardware to function.
Crucially, the solution must not involve replacing the doorbell’s hardware and should be achievable with inexpensive, readily available tools. FULU requires that the modification preserve all on-device hardware features, including motion detection and color night vision. The creator must also provide clear instructions that a moderately technical user can follow to execute the process in under an hour.
Requirement Details:
– Local Integration: Must connect directly to a local PC/server via Wi-Fi or physical connection, ideally supporting Home Assistant.
– No Cloud Dependency: Must stop sending data to Amazon servers and not require Amazon hardware.
– Feature Preservation: On-device features (e.g., motion detection, color night vision) must remain functional.
– No Hardware Replacement: Must not replace the doorbell’s hardware.
– Accessible Tooling: Must use readily available, low-cost tools.
– Clear Instructions: Must include step-by-step instructions a moderately technical user can complete in under one hour.
– Model Eligibility: Must work on at least one Ring model released in 2021 or later.
– Compliance: Must meet the general bounty terms.
Ideally, the solution should also allow for user-friendly integration with Home Assistant platforms. The bounty is open to any eligible individual who can meet these criteria and the general terms outlined by FULU.
Privacy Concerns Drive Bounty
The motivation behind this bounty stems from persistent privacy issues associated with Ring, an Amazon subsidiary. In 2024, Ring agreed to a $5.6 million settlement following a Federal Trade Commission complaint alleging the company provided all employees with full access to customer videos. The FTC also claimed Ring failed to patch known vulnerabilities, resulting in approximately 55,000 customer accounts being compromised.
More recently, Ring faced significant backlash over its proposed “Search Party” feature, which ultimately led the company to terminate its partnership with Flock. Currently, Ring doorbell owners cannot store their video feeds locally or prevent data from being sent to Amazon’s servers. This lack of control has raised concerns that the very devices intended to enhance home security might be compromising user privacy.
The FULU bounty program seeks to empower users by providing a viable alternative for managing their Ring doorbell data. Interested hackers have until December 31, 2031, to submit a successful solution to [email protected]. If no viable modification is presented by the deadline, contributors will have the option to receive a refund or donate their contribution to FULU.
