Continuing on the trail of smart security systems exhibiting security issues, now joins Amazon’s smart doorbells. Researchers found a serious vulnerability in the Ring Video Doorbell.
Vulnerability In Amazon’s Ring Video Doorbell
Researchers from Bitdefender have discovered a serious security vulnerability in Amazon’s Ring Video Doorbell. As elaborated in a white paper, the researchers found that the Ring Video Doorbell actually exposed the homes’ security to attacks over WiFi. Exploiting the flaw required an attacker to be in close proximity to the target home. The attacker could then intercept the WiFi network of the target home.
According to the researchers, Ring Video Doorbells possess numerous features that reduce the risks of cyber attacks. For instance, they manage all communications via different API endpoints solely through the company’s cloud services. Moreover, these devices also connect locally to the WiFi network without exposing any other services.
However, the devices still exhibited flaws. For instance, during the initial configuration, the doorbells processed the network credentials over http only. Thus, a potential attacker on the network could intercept the credentials.
To do so, the attacker would simply trick the user to reconfigure the device, such as by sending deauthentication messages. Then, when the user reconfigures the device, the attacker could receive the credentials, whilst sniffing the data packets as well.
Amazon Patched The Flaw
After finding the vulnerability, Bitdefender reported the bug to Amazon. Though, they faced some trouble as the vendors marked the report as duplicate. Nonetheless, the researchers could compel the vendor for a fix ‘after some back and forth’.
Now, Bitdefender has confirmed that Amazon has fixed the vulnerability in all Ring Doorbell Pro cameras.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Google Patched “Awesome” XSS Vulnerability Found In Gmail Dynamic Email Feature - November 19, 2019
- Another WhatsApp Vulnerability Could Allow Installation of Spyware Through MP4 Videos - November 19, 2019
- Fake Android Ad Blocker Barrages Users With Ads - November 18, 2019