Ring Alarm Pro (2023)
From Wiki-IoT
Classification
| Ring Alarm Pro (2023) | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | 1 |
| Classification date | 2025-10-20 |
| Information | |
| Name | Ring Alarm Pro 8-Piece Security System (2023 refresh) |
| Brand by Parent | Ring by Amazon.com, Inc. |
| Generation | 1st Gen (still current) |
| Model(s) | B08HSTJPM5 |
| Release date | 2021-08-31 |
| Type/Category | DIY alarm system + Wi-Fi 6 router |
| Website | [1] |
| Status | End of sale |
| More | |
| Dimensions | 168.9 × 168.9 × 37 mm |
| Mass | 360 g |
| Operating system | FreeRTOS 10.4 (eero OS 6.0) |
| Companion App | Ring App + eero App |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Rare | [[1] https://www.bitdefender.com/blog/labs/vulnerability-in-ring-alarm-pro-zigbee-implementation/ [2] https://www.ifixit.com/Teardown/Ring+Alarm+Pro+Teardown/175816 [3] https://ring.com/security-whitepaper] | UART test-points under shield, no public back-door |
| Known vulnerabilities | Rare | [[1] CVE-2023-39227 (Zigbee downgrade, fixed) [2] https://www.cve.org/CVERecord?id=CVE-2023-39227 [3] https://www.bitdefender.com/blog/labs/vulnerability-in-ring-alarm-pro-zigbee-implementation/] | Only 1 CVE (CVSS 8.1) patched OTA |
| Prior attacks | Rare | [Same CVE-2023-39227; no mass exploitation reported] | No large-scale exploitation |
| Updatability | Very common | [[1] https://support.ring.com/hc/en-us/articles/360043354071 [2] Auto patch ≤30 days] | Forced OTA, no disable switch |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [[1] https://developers.ring.com/docs/device-access [2] Amazon Alexa & Z-Wave 700 series] | 3rd-party via OAuth/Z-Wave S2 |
| Communications | Encrypted with up-to-date encryption | [[1] WPA3-Personal, TLS 1.3, Zigbee 3.0 AES-128-CCM [2] https://ring.com/security-whitepaper] | Z-Wave uses S2-Class |
| Storage | Encrypted with up-to-date encryption | [[1] Local microSD AES-256-XTS (Edge Storage) [2] Cloud AES-256-GCM] | Keys in secure element |
| Category score | 2 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [[1] https://support.ring.com/hc/en-us/articles/360043035471 [2] Shared access & guest codes] | Can delete all devices & data |
| Authentication | Secure | [[1] 2-Step Verification mandatory since 2022 [2] https://support.ring.com/hc/en-us/articles/360043035471] | TOTP & SMS supported |
| Brute-force protection | Exist | [[1] 5 wrong PIN → 15 min lock [2] https://support.ring.com/hc/en-us/articles/360043035471] | Exponential backoff |
| Event logging | Access event logged | [[1] Ring App → Event History → Export [2] 60-day JSON/CSV] | Alarm, arm/disarm, power |
| Passwords | Require change after setup with complexity requirements | [[1] ≥10 chars, mixed-case+symbol [2] https://support.ring.com/hc/en-us/articles/360043035471] | No default creds |
| Category score | 1 | ||
| Grade | A- |
|---|
