It strikes me that in these days of anyone can apparently publish anything, we have a concurrent amount of “pick me, pick me.” Everyone wants to make a dent and be able to monetize that dent. This is not the marketplace of ideas, this is the mob of ideas.
And that brings us to the Ring Doorbell vulnerability. I have a Ring Doorbell. I think it is a II model. It works; I like it. If something dramatically better came along, I would switch. I have no real loyalty to Ring, other than the investment.
So Ring, it has been found, has a vulnerability. Apparently when I set up my doorbell 5 years ago, and went through that weird dance of joining its network before it could join mine, my wireless network credentials were sent to Ring in the clear.
That sounds scary. But lets think about this. How would someone get my wireless network information? He or she would have to have been focused on my house from some relatively close distance at the time I was transmitting that information to Ring: about a minute.
I live in a nice little neighborhood in Cleveland. It is in the city so that houses are relatively close. I know my neighbors well, and they me. Someone wandering down the street, or even parked in a strange car, attracts notice. I was in and out of the house with the screwdriver and my phone, setting this thing up. What are the odds that 5 years ago, someone with nefarious intent was in that small space precisely at that 60 seconds. I would say nil.
I suppose someone could send me a message to reset my Ring Doorbell and then wait around to see if I did it. That would be a lot of time invested, and like a savvy person, I would verify that message before I acted, but it could happen.
And yet, we got blaring headlines about the vulnerability from the tech press (by the way, the problem has already been fixed). The headlines were not: “ignore random emails telling you to rest your Ring Doorbells” which might have been useful. It was a “See, see, IOT cannot be trusted” type of headline. This sort of thing doesn’t help anyone. When your read further, you need to slog through the hysteria and do more research to assess the risks and understand what the fix it.
Dear tech press (and everyone else for that matter) take a breath. Deal with real problems in ways that can help. Did no one read Chicken Little as a child?