Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers -- Security Today

Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

Researchers found that the Wi-Fi passwords were sent over the network in plain HTTP rather than being encrypted.

By Haley Samsel
Nov 11, 2019

Ring doorbells contained a security vulnerability that exposed passwords to the Wi-Fi networks they were connected to, according to research published by Bitdefender.

The security technology company said that the doorbell, which is owned and sold by Amazon, was sending Wi-Fi passwords in cleartext, or unencrypted text, as the doorbell joined the network. This vulnerability would allow nearby hackers to learn the Wi-Fi password and potentially gain access to other devices connected to the network, TechCrunch reported.

“When first configuring the device, the smartphone app must send the wireless network credentials,” Bitdefender wrote. “This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”

The issue was ultimately fixed on all Ring doorbells in September but was not disclosed to users until this week. Researchers at Bitdefender told Amazon about the vulnerability in June, stating that all of the exchanges required to configure the device with a smartphone app are performed through “plain HTTP.”

“This means the credentials are exposed to any nearby eavesdroppers,” the report reads.

There is no evidence that the vulnerability was ever used against users, according to TechCrunch.

Hackers could also trigger the reconfiguration of the Ring doorbell by overloading it with deauthentication messages, causing the device to get dropped from the WiFi network. The mobile app would lose connectivity with the device and ask the user to reconfigure it, allowing hackers another path to intercept the network, according to the report.

Smart home technology has become increasingly popular in recent years but has not come without security issues. In a report published in July, researchers found that they were able to unlock front doors remotely with a now-discontinued smart home hub called ZipaMacro.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West
Live From ISC West 2024: Post-Show Recap

ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now
- Industry Events
- ISC West
ISC West 2024 is a Rousing Success

The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

ComNet CNGE6FX2TX4PoE

The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3
Hanwha QNO-7012R

The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

Ring Doorbells Had Security Bug That Exposed Wi-Fi Passwords To Hackers

ISC West 2024 Welcomed More Than 29,000 Attendees

Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution

Allegion US Features Interoperability, Mobile Credentials and More at ISC West

Altronix Showcases Products to Protect Critical Infrastructure at ISC West

Axis Communications Launches Axis Cloud Connect at ISC West 2024

Genetec Security Center SaaS Supports Direct-to-Cloud Workflows With Axis, Bosch, Hanwha, and i-PRO Devices

ASSA ABLOY Introduces Centrios, a New Access Control Brand for Small Businesses