A new report from security researchers alleges that Amazon Ring doorbells have exposed users’ home Wi-Fi passwords to hackers.
TechCrunch reports that security researchers at Bitdefender have claimed that Amazon Ring doorbells were sending users Wi-Fi passwords in cleartext as the doorbell joins the home network. This would allow hackers to intercept the Wi-Fi password and gain access to users’ local network.
Bitdefender stated: “When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”
All of this happens over an unencrypted connection which exposes the Wi-Fi password being sent over the air. The vulnerability was reportedly fixed by Amazon in September but the vulnerability was only recently disclosed.
A Ring spokesperson provided the following statement to Breitbart News: “Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched.”
This is yet another vulnerability recently discovered in smart home devices, Breitbart News reported a team of researchers from Tokyo’s University of Electro-Communications and the University of Michigan recently claimed to have discovered a way to “hijack” voice-enabled devices by shining a laser at the microphones of the devices.