Posts: 2,631 +614
Romanian cybersecurity firm Bitdefender has found a venerability in Ring doorbells that allowed it to intercept the WiFi credentials of the device's network. It discovered the security hole on Amazon's Ring Video Doorbell Pro, but since it is a basic functionality of the firmware, it affects all Ring devices.
It appears that network credentials are leaked during the configuration process so that someone sniffing packets can intercept them. Once an attacker has access to the network, many Internet of Things (IoT) devices become vulnerable to exploitation.
"There's a fundamental problem with the way people treat their home networks," Bitdefender's Chief Security Researcher Jay Balan told Gizmodo, "Everybody believes that their home network is safe. This is why the security is much more lax on your home network. There's no password on your TV, for example, because people think it's their private network. Apps are, by design, insecure on private networks."
This lack of added security on IoT devices in homes makes them more susceptible to simple but creative exploits. Balen gave an example of a scenario involving using a smart speaker to unlock the door to the house.
"At the moment of publishing this paper, all Ring Doorbell Pro cameras have received a security update that fixes the issue. We appreciate the Ring team's efforts to mitigate the issue and keep their customers safe."
"There are a million scenarios that you can run," he said. "Let's say there's a vulnerable speaker system on the home network; many speaker systems accept people's music without any authentication. A very possible scenario is that you could send an audio file to the speaker that says, 'Alexa, open the front door.'"
Fortunately, the weakness the researchers discovered is not easy to execute. The attacker must first be physically close to the network, like right outside the house. Then the owner of the Ring has to be tricked into thinking the device is malfunctioning. Bitdefender said this ruse could be accomplished by continually sending de-authentication messages, so the doorbell is dropped from the network.
Even then, it may take quite a while for the user to notice that the device is not acting correctly because the doorbell will continue to work. However, the "Live View" button in the Ring app will be greyed out.
Once the owner notices, he or she must then reconfigure the doorbell This is the very last step of troubleshooting a malfunction, but reconfiguration is where the credential leak occurs.
"The credentials of the local wireless network are sent through an unsecure channel (an open network)," Bitdefender outlined in its white paper. "This can be exploited by a nearby attacker to obtain the user's network credentials."
The security watchdog notified Amazon in September of the weakness but waited until Thursday, November 7, disclose it to the public, well after a patch was rolled out.
"Customer trust is important to us, and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it's since been patched," Ring told PCMag.
Bitdefender has all the technical details posted on its website.
Image credit: BrandonKleinVideo via Shutterstock