Major Security Vulnerability Found in Yet Another Consumer IoT Device

PinIt

Researchers at Bitdefender discovered a security flaw that involved the devices sending hackers the passwords of the WiFi networks they were connected to.

In a recent case study, cybersecurity research company Bitdefender revealed a serious security flaw in the popular Amazon Ring doorbell. According to their findings, when the doorbell is configured for a WiFi network, it creates an access point to that network without the need of a password. A hacker can trick the device into malfunctioning, prompting the owner to reconfigure it. A nearby hacker can then get into the network and launch a larger attack.

See also: IoT Security Remains a Top Concern

“When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecured manner, through an unprotected access point,” said Bitdefender. “Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”

Bitdefender said it made Amazon aware of the issue and a spokesperson for Ring said the security hole has been closed and urged owners to make sure their devices have updated firmware.

“Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched,” the spokesperson told us.

Earlier this year a security flaw that could have allowed hackers to access audio and video from the doorbell. Amazon fixed the issue with a firmware update. The Amazon Ring doorbell has also found itself mired in controversy thanks to its partnerships with police departments.

A previous Ring security flaw was found earlier this year that could have allowed hackers to access video and audio from the doorbell, making it easy for a hacker to spy on the homeowner and any other member of their family. Amazon updated the Ring app to address the vulnerability.

The Amazon Ring doorbell has received other criticisms for privacy issues before, namely for its partnerships with police departments. 

Sue Walsh

About Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.

Leave a Reply