While smart doorbells are a convenience, they are also vulnerable to cyber attacks. Researchers have discovered numerous popular smart doorbell models to have serious security lapses. Thus, they pose a threat to user security.
Smart Doorbells Found Vulnerable
Researchers from NCC Group and the consumer magazine Which? together performed a detailed analysis of various smart doorbells.
As per the details revealed, the two tested and found multiple smart doorbells vulnerable to cyber attacks.
According to the Which? blog post, they tested about 11 different doorbell brands popular on online marketplaces.
Below we quickly review the vulnerable smart doorbells and the respective issues they exhibit.
- Victure VD300 – the device transmits the WiFi credentials to its servers in China in unencrypted form. This allows an adversary to intercept the traffic and steal the credentials. Thus, an attacker can even take over the entire internet network of the user.
- Unbranded cloned devices of Victure VD300 – similar vulnerabilities as that of Victure.
- Qihoo 360 D819 – stores recordings in unencrypted form. Also prone to theft as it’s easily detachable.
- Ctronics CT-WDB02 – exposes network passwords just like Victure.
- Unbranded V5 WiFi doorbell – a physical clone to Ring doorbell, this unbranded doorbell is easy to pull offline by an attacker.
- Unbranded Smart WiFi Doorbell
- Accfly Smart Video Doorbell V5
- Unbranded smart doorbell XF-IP007H
Some more vulnerabilities that the researchers discovered in various unbranded smart doorbells included KRACK, extensive data collection, absence of data encryption, and poor password policies.
The researchers at NCC Group have shared more technical details of these vulnerabilities in their report.
Suggested Security Practices
This isn’t the first time that smart doorbells have turned out to be a security threat. Rather, in the past, even the devices from popular brands, such as Ring doorbells, have also been caught with security flaws.
In fact, IoT security still remains a critical issue even after the popularity of this niche.
Nonetheless, users can protect themselves from becoming a victim by following some basic security tips recommended by Which? that includes,
- Avoiding unbranded devices
- Going through customer reviews (the genuine ones)
- Frequently changing the passwords
- Enabling 2FA wherever possible
- Keeping the devices updated with the latest firmware
Let us know your thoughts in the comments.