Multiple Smart Doorbells Found Vulnerable To Cyber Attacks

While smart doorbells are a convenience, they are also vulnerable to cyber attacks. Researchers have discovered numerous popular smart doorbell models to have serious security lapses. Thus, they pose a threat to user security.

Smart Doorbells Found Vulnerable

Researchers from NCC Group and the consumer magazine Which? together performed a detailed analysis of various smart doorbells.

As per the details revealed, the two tested and found multiple smart doorbells vulnerable to cyber attacks.

According to the Which? blog post, they tested about 11 different doorbell brands popular on online marketplaces.

Below we quickly review the vulnerable smart doorbells and the respective issues they exhibit.

  • Victure VD300 – the device transmits the WiFi credentials to its servers in China in unencrypted form. This allows an adversary to intercept the traffic and steal the credentials. Thus, an attacker can even take over the entire internet network of the user.
  • Unbranded cloned devices of Victure VD300 – similar vulnerabilities as that of Victure.
  • Qihoo 360 D819 – stores recordings in unencrypted form. Also prone to theft as it’s easily detachable.
  • Ctronics CT-WDB02 – exposes network passwords just like Victure.
  • Unbranded V5 WiFi doorbell – a physical clone to Ring doorbell, this unbranded doorbell is easy to pull offline by an attacker.
  • Unbranded Smart WiFi Doorbell
  • Accfly Smart Video Doorbell V5
  • Unbranded smart doorbell XF-IP007H

Some more vulnerabilities that the researchers discovered in various unbranded smart doorbells included KRACK, extensive data collection, absence of data encryption, and poor password policies.

The researchers at NCC Group have shared more technical details of these vulnerabilities in their report.

Suggested Security Practices

This isn’t the first time that smart doorbells have turned out to be a security threat. Rather, in the past, even the devices from popular brands, such as Ring doorbells, have also been caught with security flaws.

In fact, IoT security still remains a critical issue even after the popularity of this niche.

Nonetheless, users can protect themselves from becoming a victim by following some basic security tips recommended by Which? that includes,

  • Avoiding unbranded devices
  • Going through customer reviews (the genuine ones)
  • Frequently changing the passwords
  • Enabling 2FA wherever possible
  • Keeping the devices updated with the latest firmware

Let us know your thoughts in the comments.

Related posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs