Article 4TTAE Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

by
Zack Whittaker
from Crunch Hype on (#4TTAE)

Security researchers have discovered a vulnerability in Ring doorbells that exposed the password for the Wi-Fi network it was connected to.

Bitdefender said the Amazon-owned doorbell was sending its owner's Wi-Fi password in cleartext as the doorbell joins the local network, allowing for nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger attacks or conduct surveillance.

"When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point," said Bitdefender. "Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network."

But all of this is carried out over an unencrypted connection, exposing the Wi-Fi password that is sent over the air.

Amazon fixed the vulnerability in all Ring devices in September, but the vulnerability was only disclosed today.

It's another example of smart home technology suffering from security issues. As much as smart home devices are designed to make our lives easier and homes more secure, researchers keep finding vulnerabilities that allow them to get access to the very thing they're trying to protect.

Earlier this year, flaws in a popular smart home hub allowed researchers to break into a person's home by triggering a smart lock to unbolt the door.

Amazon has faced intense scrutiny in recent months for Ring's work with law enforcement. Several news outlets, including Gizmodo, have detailed the close relationship Ring has with police departments, including their Ring-related messaging.

It was reported this week that Ring had bragged on Instagram about tracking millions of trick-or-treaters this Halloween.

Security flaws in a popular smart home hub let hackers unlock front doors

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA Techcrunch?i=0yuslamn330:_TzDB_svWlg:-BT Techcrunch?i=0yuslamn330:_TzDB_svWlg:D7D Techcrunch?d=qj6IDK7rITs0yuslamn330
External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/TechCrunch/
Feed Title Crunch Hype
Feed Link https://techncruncher.blogspot.com/
Reply 0 comments