Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Researchers found that the Wi-Fi passwords were sent over the network in plain HTTP rather than being encrypted.

  • By Haley Samsel
  • Nov 11, 2019

Ring doorbells contained a security vulnerability that exposed passwords to the Wi-Fi networks they were connected to, according to research published by Bitdefender.

The security technology company said that the doorbell, which is owned and sold by Amazon, was sending Wi-Fi passwords in cleartext, or unencrypted text, as the doorbell joined the network. This vulnerability would allow nearby hackers to learn the Wi-Fi password and potentially gain access to other devices connected to the network, TechCrunch reported.

“When first configuring the device, the smartphone app must send the wireless network credentials,” Bitdefender wrote. “This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”

The issue was ultimately fixed on all Ring doorbells in September but was not disclosed to users until this week. Researchers at Bitdefender told Amazon about the vulnerability in June, stating that all of the exchanges required to configure the device with a smartphone app are performed through “plain HTTP.”

“This means the credentials are exposed to any nearby eavesdroppers,” the report reads.

There is no evidence that the vulnerability was ever used against users, according to TechCrunch.

Hackers could also trigger the reconfiguration of the Ring doorbell by overloading it with deauthentication messages, causing the device to get dropped from the WiFi network. The mobile app would lose connectivity with the device and ask the user to reconfigure it, allowing hackers another path to intercept the network, according to the report.

Smart home technology has become increasingly popular in recent years but has not come without security issues. In a report published in July, researchers found that they were able to unlock front doors remotely with a now-discontinued smart home hub called ZipaMacro.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West

  • Live From ISC West 2024: Post-Show Recap

    ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now

    • Industry Events
    • ISC West

  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3