Connected doorbell vulnerability exposed.
Internet-connected tech has worked its way into many aspects of everyday life. From IoT medical implants to crock pots that you can turn on and off from anywhere with your smartphone to light bulbs that respond to feedback from the connected thermostat in order to save energy, connectivity has made life safer, more secure, and more convenient.
But not every device has been as secure as consumers–or even their manufacturers–had hoped. Stories of security flaws that compromised users’ accounts and allowed hackers to gain access to other devices on their network are all too common.
Ring, recently acquired by Amazon, suffered a similar flaw. This IoT doorbell serves as a camera and two-way speaker that connects the device to the homeowner’s smartphone, allowing them to “answer” the door by opening the app on their phones. They can see the individual at the door, speak to that person, and even record the interaction. An arrest was recently made in a shooting thanks to information investigators gleaned by watching the footage from the homeowner’s Ring doorbell.
Access via app
The flaw, however, allowed users who no longer had access to the Ring account to still access the doorbell via their smartphone apps. This situation presented a problem when one couple broke up; the remaining homeowner changed the password and still controlled the account, but the other party who had moved out was still able to see the activity on the doorbell. This essentially allowed them to spy on whoever was coming over.
Ring states that they have fixed the flaw, and that changing the password on the account will also remove any users–both account holders and anyone who is unauthorized–from the app. However, an updated statement to Gizmodo mentions that this blocking from the app is not instantaneous, and can take up to an hour to take effect.
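The difference between a password change that cuts off logged-in apps at once and one that takes up to an hour can be shown in a few lines. This is an added example, not Ring's code: the `SessionService` class, the per-account epoch counter and the one-hour cache are assumptions made for illustration.

```python
import secrets

CACHE_TTL = 3600  # assumed: a cached "session is fine" decision lives one hour


class SessionService:
    """Toy session store; every name here is hypothetical."""

    def __init__(self, check_every_request):
        self.check_every_request = check_every_request
        self.epoch = {}      # account -> counter bumped on each password change
        self.sessions = {}   # token -> (account, epoch when the app logged in)
        self.cache = {}      # token -> time until which the token is trusted

    def add_account(self, account):
        self.epoch[account] = 0

    def login(self, account):
        # Stands in for a successful password check in the app.
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (account, self.epoch[account])
        return token

    def change_password(self, account):
        # Every session issued under the old password is now stale.
        self.epoch[account] += 1

    def _epoch_matches(self, token):
        account, issued = self.sessions[token]
        return issued == self.epoch[account]

    def is_valid(self, token, now):
        if token not in self.sessions:
            return False
        if self.check_every_request:
            # Strict: compare against the current epoch on every request.
            return self._epoch_matches(token)
        # Delayed: reuse the cached decision until it expires.
        if self.cache.get(token, 0) > now:
            return True
        ok = self._epoch_matches(token)
        if ok:
            self.cache[token] = now + CACHE_TTL
        return ok
```

With `check_every_request=False`, a phone that was logged in before the password change keeps working until its cached decision expires; with `True`, it is rejected on the next request.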