Ding-dong! Crime calling!
As cool as IOT connectivity is, it’s important to remember that having more internet-connected devices in your home presents hackers with more avenues to break into your stuff. Smart assistants and cameras can be hacked to retrieve user data, but for the most part, the companies that develop these devices do their best to patch out any exploits. Still, sometimes things slip through the cracks where you least expect them. Like your doorbell, for example.
Security research firms discovered an exploitable vulnerability in Amazon’s line of Ring smart doorbell cameras. A hacker could theoretically retrieve user password data from any Ring doorbell connected to wi-fi. In fact, they almost hand them right out; anyone who connects to a Ring doorbell over a local network can see passwords written out in plain text, clear as day. Lose your password, lose control of your network, or worse.
“When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point,” said security organization Bitdefender. “Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”
Thankfully, this vulnerability was discovered and patched by Amazon back in September, but the vulnerability’s existence was only learned of this week. Multiple tech companies have gotten some recently for the holes in their smart devices’ programming. A similar incident occurred earlier in the year when it was discovered that Zipato smart hubs could be hacked to remotely unlock someone’s front door.