Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Researchers found that the Wi-Fi passwords were sent over the network in plain HTTP rather than being encrypted.

Ring doorbells contained a security vulnerability that exposed passwords to the Wi-Fi networks they were connected to, according to research published by Bitdefender.

The security technology company said that the doorbell, which is owned and sold by Amazon, was sending Wi-Fi passwords in cleartext, or unencrypted text, as the doorbell joined the network. This vulnerability would allow nearby hackers to learn the Wi-Fi password and potentially gain access to other devices connected to the network, TechCrunch reported.

“When first configuring the device, the smartphone app must send the wireless network credentials,” Bitdefender wrote. “This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”

The issue was ultimately fixed on all Ring doorbells in September but was not disclosed to users until this week. Researchers at Bitdefender told Amazon about the vulnerability in June, stating that all of the exchanges required to configure the device with a smartphone app are performed through “plain HTTP.”

“This means the credentials are exposed to any nearby eavesdroppers,” the report reads.

There is no evidence that the vulnerability was ever used against users, according to TechCrunch.

Hackers could also trigger the reconfiguration of the Ring doorbell by overloading it with deauthentication messages, causing the device to get dropped from the WiFi network. The mobile app would lose connectivity with the device and ask the user to reconfigure it, allowing hackers another path to intercept the network, according to the report.

Smart home technology has become increasingly popular in recent years but has not come without security issues. In a report published in July, researchers found that they were able to unlock front doors remotely with a now-discontinued smart home hub called ZipaMacro.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

  • How COVID-19 Has Revolutionized Aviation Security How COVID-19 Has Revolutionized Aviation Security

    In this episode of SecurPod, Ralph C. Jensen and Steve Karoly talk about the COVID-19 pandemic and the changes experienced in the aviation security vertical. The pandemic has changed society and our way of life. It has also brought about seismic changes.

Digital Edition

  • Security Today Magazine - May June 2021

    May June 2021

    Featuring:

    • Tapping into Touch-free Digital
    • Deep Learning
    • Working from Home
    • Body-worn Technology
    • A Tragic Turn of Events

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety