Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Researchers found that the Wi-Fi passwords were sent over the network in plain HTTP rather than being encrypted.

  • By Haley Samsel
  • Nov 11, 2019

Ring doorbells contained a security vulnerability that exposed passwords to the Wi-Fi networks they were connected to, according to research published by Bitdefender.

The security technology company said that the doorbell, which is owned and sold by Amazon, was sending Wi-Fi passwords in cleartext, or unencrypted text, as the doorbell joined the network. This vulnerability would allow nearby hackers to learn the Wi-Fi password and potentially gain access to other devices connected to the network, TechCrunch reported.

“When first configuring the device, the smartphone app must send the wireless network credentials,” Bitdefender wrote. “This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”

The issue was ultimately fixed on all Ring doorbells in September but was not disclosed to users until this week. Researchers at Bitdefender told Amazon about the vulnerability in June, stating that all of the exchanges required to configure the device with a smartphone app are performed through “plain HTTP.”

“This means the credentials are exposed to any nearby eavesdroppers,” the report reads.

There is no evidence that the vulnerability was ever used against users, according to TechCrunch.

Hackers could also trigger the reconfiguration of the Ring doorbell by overloading it with deauthentication messages, causing the device to get dropped from the WiFi network. The mobile app would lose connectivity with the device and ask the user to reconfigure it, allowing hackers another path to intercept the network, according to the report.

Smart home technology has become increasingly popular in recent years but has not come without security issues. In a report published in July, researchers found that they were able to unlock front doors remotely with a now-discontinued smart home hub called ZipaMacro.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Surveillance Cameras Provide Peace of Mind for New Florida Homeowners

    Managing a large estate is never easy. Tack on 2 acres of property and keeping track of the comings and goings of family and visitors becomes nearly impossible. Needless to say, the new owner of a $10 million spec home in Florida was eager for a simple way to monitor and manage his 15,000-square-foot residence, 2,800-square-foot clubhouse and expansive outdoor areas. Read Now

  • Survey: 72% of CISOs Are Concerned Generative AI Solutions Could Result In Security Breach

    Metomic recently released its “2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe.” Metomic surveyed more than 400 Chief Information Security Officers (CISOs) from the U.S. and UK to gain deeper insights on the state of data security. The report includes survey findings on various cybersecurity issues, including security leaders’ top priorities and challenges, SaaS app usage across their organization, and biggest concerns with implementing generative AI solutions. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3