The Amazon-owned smart home product manufacturer Ring recently announced that it’s strengthening the security of its Internet of Things (IoT) motion-detecting doorbell cameras by offering end-to-end encryption (E2EE) for streaming video footage. There’s a catch, though. Users who opt to turn on E2EE will find that they need to make major tradeoffs. Convenience and usefulness drop if they want to enjoy the privacy benefits of E2EE. That highlights one of the problems with IoT security — balancing privacy with the device’s purpose.

That tradeoff is familiar for the people tasked with protecting IoT environments, especially in industrial settings. Today, manufacturers gather new data streams (such as audio and video content) on the factory floor. They can also insert new control tools (such as voice control and wireless headsets) into processes. As they do so, they need to keep this data close at hand for processing. But it must also be kept safe.

Ring Doorbell Highlights IoT Risks

Ring has a long history of IoT security and privacy issues. In some of those incidents, threat actors used the camera’s two-way talk function to harass customers. In the best-known of these incidents, a widely-shared video shows a faceless man taunting an eight-year-old girl from the Ring security camera that her family had installed in her bedroom.

The company insisted that these incidents were the result of customers’ credential re-use. Ring stated that bad actors used username and password pairs from third-party data breaches, not from a breach of Ring’s own network. Nonetheless, the company later added two-factor authentication to its account sign-in procedures after security experts found that it had no way of preventing so-called brute force attacks — in which attackers simply test out large numbers of possible passwords in an attempt to guess correctly. It also rolled out a new Control Center feature that enables users to better manage their privacy and security settings within the Ring app.

Now, Ring is putting E2EE in place for streaming video data.

Why IoT Security Comes at a Cost

According to Ring, the company’s new E2EE option is an “additional security- and privacy-centric feature [designed to provide] users with even more peace of mind”. To protect their customers’ streaming video data, Ring uses a technology called asymmetric key encryption. In this type of cryptography, the streaming data is encrypted when the device creates it. To decrypt it, you need a unique private key. This key works only on the local mobile device where the customer can view their video. In this case, the paired phone app generates the key, a unique 10-word passphrase. The system randomly selects each word of the passphrase from 7,776 words. To further protect the video stream, the phone app doesn’t store the passphrase locally. Instead, the user must enter it each time they want to view their videos.

What does relying on asymmetric key encryption mean for the user? Surprising few, the answer is nothing good.

First, customers using E2EE need to retype their 10-word passphrase every time they want to check their video stream. The phrase won’t make any sense, making it harder to remember. What if a user should happen to forget their passphrase? They’ll lose access to their device’s video content — forever. After all, the Ring doesn’t retain the decryption key or store it elsewhere.

Balancing Safety and Function

Secondly, because asymmetric key decryption is somewhat computationally intensive, it can’t be performed on any device. Only mobile phones running recent versions of iOS or the Android operating system can run Ring’s E2EE encryption feature.

And, crucially, the asymmetric key encryption that Ring relies on is a one-to-one encryption protocol. This is typical of the cryptographic techniques that have been used most often in computing to date. However, it doesn’t work well for securing cyber-physical systems and IoT devices. Smart buildings, smart factories and smart cities rely on geographically distributed sensor networks. Their data flows between systems that interact via multiple intermediaries. This means that IoT streams often have more than one recipient. Therefore, the device must encrypt, decrypt and re-encrypt the data multiple times if they are to remain secure.

For Ring customers who turn on E2EE, one-to-one encryption means a loss of function. E2EE users can no longer share their videos with other users. Nor can they view them online, or through Ring’s Windows and Mac desktop apps. What’s more, any Ring features that rely on external processing and analysis of video content will no longer work. So E2EE users can no longer access features such as automatic Motion Verification or People-Only mode.

Tomorrow’s IoT Security Solutions Need Many-to-Many Encryption

Ring’s E2EE is an opt-in feature. By default, the device comes with this feature turned off unless users opt to use it. Many users won’t. Large numbers of Ring customers bought their devices because they wanted to be able to view their videos from multiple devices, to share their data with others or to use popular social networking sites like Ring’s own Neighbors forum. For these users, the benefits of the enhanced privacy that E2EE brings aren’t worth the drawbacks.

For IoT security leaders tasked with protecting streaming sensor data in smart factories, the tradeoff is even more challenging. Making IoT data available for analysis both in the cloud and at the edge is the primary purpose of industrial IoT solutions. If the user can’t use streaming sensor data because it can’t be decrypted, the devices involved lose their value.

At the same time, leaving streaming sensor data unencrypted (and thus vulnerable to compromise) isn’t an option, particularly in the face of today’s more prevalent threats against manufacturing and critical infrastructure. Instead, it’s crucial that the industry adopt lightweight many-to-many E2E encryption algorithms as an industry-wide standard. While emerging tech such as Attribute-Based-Encryption (ABE) and object security frameworks show promise, many-to-many encryption must become the norm if IoT security issues are to be resolved in industrial settings.

More from Application Security

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

A View Into Web(View) Attacks in Android

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

Twitter is the New Poster Child for Failing at Compliance

All companies have to comply with privacy and security laws. They must also comply with any settlements or edicts imposed by regulatory agencies of the U.S. government. But Twitter now finds itself in a precarious position and appears to be failing to take its compliance obligations seriously. The case is a “teachable moment” for all organizations, public and private. The Musk Factor Technology visionary and Silicon Valley founder and CEO, Elon Musk, bought social network Twitter in October for $44…