Posted on November 9, 2019 at 11:55 AM
Researchers Expose a Security Weakness in Amazon’s Ring Doorbell
Some safety researchers have discovered that there is a loophole in Amazon’s ring Doorbell, which exposes the Wi-Fi passwords of users.
According to Bitdefender, the vulnerability may have exposed the passwords and usernames of some Wi-Fi users to intending hackers. The issue is a result of encryption of the Wi-Fi information of users when they are setting up an internet connection on the Wi-Fi.
Bitdefender notes that the Wi-Fi collects data from the user’s network when they want to configure the mode for internet access via its smartphone app. And because the network exchanges the data through HTTP, it leaves the user vulnerable to external unauthorized access. Anyone locking around can easily connect over the WI-Fi to steal the user’s personal information, Bitdefender noted.
The hacker can have access to the user’s data either by already connecting to the Wi-Fi or staying close to the user’s doorbell. The worst part is, even after the user has completed the configuration of the ring device, the hacker can still gain access to their data and information.
How the hacker gains access
The hacker can use a de-authentication message to open up the device to configuration mode. It will force the ring doorbell to stop connection to the Wi-Fi network immediately.
When the hacker has successfully disconnected from the network, the Ring Mobile app will now ask the user to reconfigure the device.
Once the hacker has obtained the login credentials of the user, they can move on to other connected devices within the network. It has been a very disturbing issue, as the doorbell users are vulnerable to hackers. The problem is associated with the ring doorbell device of Amazon. However, the company has resolved the issue.
30 seconds is enough for the hacker
According to Bitdefender, when the user wants to configure the doorbell app, it usually sends wireless network information over Wi-Fi. It uses a vulnerable access point, which is largely insecure.
When the network comes up, the apps immediately connects and sends information through the local network. Bitdefender notes that this passage of information s carried over an insecure channel. As a result, someone close could have access to the same information. With that access, they can dig deeper to steal other valuable information from other connected devices.
It is a typical instance of the security problem with smartphone technology. Although these smartphone devices make our lives more comfortable, sometimes they are vulnerable and exposes our data to unauthorized persons.
Although setting up or configuring the Ring doorbell takes less than a minute, some hackers, who are close by, can retrieve those data even before the user completes the setup.
The situation was a dicey one because even the user may not know when they are hacked. It only takes a moment to configure the Rind device. But that moment is enough for any hacker close-by.
Problem already solved
When Amazon was alerted about the problem, the company engineered a quick-fix solution by carrying out an automatic update on the app. Amazon has since tightened the vulnerability since September, but it was only discovered by researchers just recently.
The vulnerability issue is not the only problem Rind Doorbell has faced in recent times. Already, Ring is receiving a negative review of its involvement and partnership with law enforcement.
Some Ring users are not happy that Ring is using videos on their doorbells. However, Ring insisted that it is in their terms and condition to use videos shared by its customers. A typical example is the recording of more than 2 million children trick-or-treating during Halloween. With this recent development regarding security, the company will surely come under more scrutiny by the public.