Login

Register

Login

Register

Home In Media Gadget News Amazon’s Ring Doorbell leaks customers’ Wi-Fi username and password

Amazon’s Ring Doorbell leaks customers’ Wi-Fi username and password

Earlier this year, Amazon’s Ring Video Doorbell Pro IoT (Internet of Things) devices were reported to be affected by a flaw that leaked customers’ Wi-Fi usernames and passwords. Amazon’s Ring Doorbell leaks have been causing a growing problem over the past few months, and here’s why.

Researchers working at Bitdefender discovered the problem in Amazon’s smart doorbells that “supposedly” combine security cameras with motion-detection to help protect people’s homes against intrusion. But what about user’s privacy data? That’s important too. Imagine the irony of a security camera leaking your personal credentials.

According to Bitdefender’s whitepaper published online, whenever an attacker would physically come close enough to any Amazon’s Ring Video Doorbell’s,  the hacker could easily exploit the flaw, becoming capable of intercepting user’s Wi-Fi network credentials.

Take a look at the excerpt below from Bitdefender’s researchers’ study, which clearly explains how the attack was done.


Vulnerability at a glance

When entering configuration mode, the device receives the user’s network credentials from the smartphone app. Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.

Another important step in exploitation is the fact that a hostile actor can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send deauthentication messages, so that the device gets dropped from the wireless network. At this point, the mobile app loses connectivity and instructs the user to reconfigure the device.


 

This is a very important and concerning issue, mainly because the proliferation of Amazon’s Ring doorbell surveillance cameras is not just a privacy and civil rights concern, but also a security threat.

The attackers could access user’s Wi-Fi credentials due to a problem in the initial configuration of the smart doorbell device. However, even worst, attackers could cause the device to fail and force a connectivity drop, and potentially even reconfigure the device to ultimately launch an attack on the home network.

Amazon’s Ring Doorbell leaks

That’s not only scary, but also not safety ensuring at all, which means that Amazon has some serious explaining to do.

Below you can take a look at the full press release on the issue.

 


Amazon’s Ring doorbells leaks customers’ Wi-Fi username and password

IMMEDIATE RELEASE: November 7, 2019

CONTACT: Evan Greer, 978-852-6457, [email protected]

Today, Cyberscoop reported a major security vulnerability in Amazon’s Ring doorbell app. Amazon’s Ring doorbells, which have already raised significant privacy and civil liberties concerns, have now been shown to be deeply insecure, exposing users Wi-Fi passwords to hackers.

With this Wi-Fi information, hackers can access customers’ personal home networks. It only gets scarier from there as hackers could use customer’s webcams to spy on them and their children, gain access to their bank accounts, and retrieve personal information necessary for identity theft.

“This is a classic example of how more surveillance does not mean more safety,” said Evan Greer, Deputy Director of Fight for the Future. “Amazon has consistently shown reckless disregard for privacy and civil liberties, but this is terrifying on a whole other level. Putting insecure cameras and listening devices around your home puts your family in danger. Congress should immediately investigate the threat posed by Amazon’s rapidly spreading, for-profit surveillance dragnet.”

Amazon’s surveillance network doesn’t only threaten our privacy and civil liberties, but our security as well. Meanwhile, millions of Americans continue to buy Ring products unaware of the dangers the technology and surveillance partnerships with police pose.

With over 550 partnerships across the country and millions of Americans potentially impacted, we need Congress to intervene. More than 10,000 people have already written lawmakers calling on them to investigate Amazon’s surveillance empire and their troubling partnerships with law enforcement.


 

While Amazon has already patched the vulnerability in its Ring smart doorbell device, that same flaw once again raises the security issues associated with IoT (Internet of Things).

Furthermore, the flaw also raises concerns about the persistent lack of security in smart-home devices that are exclusively designed to help people to protect their privacy and security; not to put those at danger and make it an aggravating issue.

David Novakhttps://www.gadgetgram.com
For the last 20 years, David Novak has appeared in newspapers, magazines, radio, and TV around the world, reviewing the latest in consumer technology. His byline has appeared in Popular Science, PC Magazine, USA Today, The Wall Street Journal, Electronic House Magazine, GQ, Men’s Journal, National Geographic, Newsweek, Popular Mechanics, Forbes Technology, Readers Digest, Cosmopolitan Magazine, Glamour Magazine, T3 Technology Magazine, Stuff Magazine, Maxim Magazine, Wired Magazine, Laptop Magazine, Indianapolis Monthly, Indiana Business Journal, Better Homes and Garden, CNET, Engadget, InfoWorld, Information Week, Yahoo Technology and Mobile Magazine. He has also made radio appearances on the The Mark Levin Radio Show, The Laura Ingraham Talk Show, Bob & Tom Show, and the Paul Harvey RadioShow. He’s also made TV appearances on The Today Show and The CBS Morning Show. His nationally syndicated newspaper column called the GadgetGUY, appears in over 100 newspapers around the world each week, where Novak enjoys over 3 million in readership. David is also a contributing writer fro Men’s Journal, GQ, Popular Mechanics, T3 Magazine and Electronic House here in the U.S.

Must Read

Hooke Lav – Wearable Pro-Grade Wireless Bluetooth Microphone (FULL REVIEW)

The Hooke Lav is a wearable pro-grade wireless Bluetooth microphone that can accurately capture pro-grade sound with no wires, no sound dropouts and no hassle. This wearable, dual-channel, and wireless Bluetooth microphone features a total of 8GB of internal storage as well as Bluetooth-connectivity to any Bluetooth-enabled device with the mere click of a button.

The Gift of Tech – The Latest Gizmos and Gadgets

Life is becoming increasingly technological, so you probably want to get the best tech gadgets around. This article discusses the latest gizmos released.

NURVV Run Insoles – Smart Insoles that Track Running Metrics (REVIEW)

The NURVV Run Insoles are Smart Insoles that are worn by runners during each running workout to accurately track their running metrics. With these smart shoe insoles, runners can analyze and better understand all of their running data to effectively improve their running performance. Without a doubt, this is a revolutionary wearable gadget that is guaranteed to help runners to easily and conveniently improve everything there is to improve about their running technique. With all that said, all that there's left to ask is... have you got the NURVV to improve your running technique?

3 Crucial Tips for Buying Electronic Gadgets & Accessories Online

Buying electronic gadgets online can save you quite a bit of money. Here are 3 great tips that'll guide you when shopping for electronic accessories online.

Noshinku Bergamot – Pocket Hand Sanitizer Gel Sprayer

The Noshinku Bergamot is a portable pocket hand sanitizer gel sprayer that contains an organic and safe-to-use hand sanitizer blend made of an oil mix of Bergamot, Jojoba, Argan, Rosehip and Coconut. While this sprayable hand sanitizer gel mix is ultra-effective and capable of killing up to 99.9% of germs that you can potentially come in contact with, its natural oils and botanical ingredients give it a really nice "fruity" aroma that’s super pleasant to smell, have both a Citrus, woody, and herbaceous fragrant smell.

Check Out Gagetguy On Indystyle

Check Out Gagetguy On PetPals TV