Ring says the vulnerability was fixed in September, but it did not report the problem until now. Wouldn’t you think Ring owners would have wanted to be notified immediately upon discovery so they could at least change passwords on their Wi-Fi routers?
TN has said many times that Big Tech Technocrats barely treat security even as an afterthought. Getting products to market is far more important than consumer security and safety. ⁃ TN Editor
A new report from security researchers alleges that Amazon Ring doorbells have exposed users’ home Wi-Fi passwords to hackers.
TechCrunch reports that security researchers at Bitdefender have claimed that Amazon Ring doorbells were sending users Wi-Fi passwords in cleartext as the doorbell joins the home network. This would allow hackers to intercept the Wi-Fi password and gain access to users’ local network.
Bitdefender stated: “When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”
All of this happens over an unencrypted connection which exposes the Wi-Fi password being sent over the air. The vulnerability was reportedly fixed by Amazon in September but the vulnerability was only recently disclosed.
A Ring spokesperson provided the following statement to Breitbart News: “Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched.”
This is yet another vulnerability recently discovered in smart home devices, Breitbart News reported a team of researchers from Tokyo’s University of Electro-Communications and the University of Michigan recently claimed to have discovered a way to “hijack” voice-enabled devices by shining a laser at the microphones of the devices.
So Ring devices make this mistake once each, at set up time, and at Wi-Fi signal levels. Sloppy, to be sure, but hardly what I would call significant breach potential — compared to, say, the WEP penetration or the WPA2 KRACK breach, both of which exposed the networks of every user of a wireless router.
So Ring devices make this mistake once each, at set up time, and at Wi-Fi signal levels. Sloppy, to be sure, but hardly what I would call significant breach potential — compared to, say, the WEP penetration or the WPA2 KRACK breach, both of which exposed the networks of every user of a wireless router.