Amazon Ring doorbells exposed users’ Wi-Fi passwords

Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

A flaw in Amazon's Ring doorbells leaked Wi-Fi credentials, opening customers up to attack

San Francisco, Nov 8 (SocialNews.XYZ) Amazon has rolled out a security patch for its widely-popular Ring Video Doorbell Pro after Bitdefender security researchers found that it was exposing Wi-Fi network credentials, thus, allowing nearby attackers to intercept them and compromise the household network, media reports said.

The vulnerability was discovered by researchers at cybersecurity firm Bitdefender.

TL;DR: The Ring Video Doorbell 2 and Echo Show 5 typically retail for $199 and $89.99, respectively, but you'll pay just $149 if you bundle them together through Amazon - a 50% savings.

If you've ever expressed concern about the security implications of Amazon Ring connected doorbells; if you've ever voiced privacy concerns about letting Amazon have such a portal into your life. your fears have been justified.

The doorbell's operator would then have to see that the doorbell is disconnected, which may have to have the attacker or an individual else to ring the doorbell prior to the specific owner realizes the doorbell is offline. Researchers from Bitdefender notified Ring in June of a flaw in Ring Online video Doorbell Professional cameras' software program that designed it attainable for wireless eavesdroppers to seize the Wi-Fi qualifications of clients through the device's setup-because all those credentials were being sent more than an unsecured Wi-Fi link to the machine using unencrypted HTTP. While this seems unlikely, the issue was further compounded by the fact that a remote reconfiguration of the doorbell could be triggered at will. One way to do this is to continuously send deauthentication messages, so that the device gets dropped from the wireless network. "At this point, the mobile app loses connectivity and instructs the user to reconfigure the device", the statement added.

The Internet of Things (IoT) has become a primary target for cybercriminals, exploiting vulnerabilities in them.

The bug is yet another lesson in the security problems that people who connect up smart home gadgets could face more often in the future. The couple had installed a Nest system, (a setup of camera, doorbell, and thermostat) in their home past year.

The patch released by Ring to mitigate the vulnerability ensures that the device uses an HTTPS connection while broadcasting a Wi-Fi signal for the phone to grab.

Latest News