- Disabled people with service dogs say Uber, Lyft drivers are denying them rides Today 3:25 PM
- TikTok teen famous for greasy hair ends her 8-year reign Today 2:48 PM
- Police handcuff brown man at subway station for carrying a toy gun Today 1:20 PM
- Fake clip of Sanders quoting infamous ‘hot chip’ tweet is duping people online Today 1:16 PM
- The Mars Volta’s Cedric Bixler-Zavala alleges Scientologists behind dog’s death Today 12:46 PM
- Eminem responds to critics: ‘This album was not made for the squeamish’ Today 12:42 PM
- ‘The poet, the poem’ meme takes iconic lines and turns them into art Today 12:40 PM
- People are making dark memes about the coronavirus Today 12:27 PM
- Trump camp’s ‘head on a pike’ impeachment threat hit with memes Today 11:34 AM
- What is the #FreeBritney movement, and why is Cher tweeting about it? Today 10:52 AM
- This YouTuber claims the Saudi government plotted to kidnap him on U.S. soil Today 10:30 AM
- Report: Jack Dorsey declined to host a fundraiser for Tulsi Gabbard Today 10:22 AM
- Bernie Sanders plugs Joe Rogan endorsement—and women are furious Today 10:04 AM
- Young woman using TikTok to document the end of her life says she’s dying next week Today 8:43 AM
- London’s real-time facial recognition program a ‘breathtaking assault’ on civil rights Today 8:23 AM
A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.
Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.
“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”
This means a hacker would either have to be close to the doorbell or already on a user’s WiFi network to grab their credentials.
To make matters worse, a hacker could still obtain a username and password even after the Ring device has been set up.
A hacker could make the doorbell to reenter the configuration mode by flooding the device with de-authentication messages, forcing it to disconnect from the WiFi network. A user would then be asked by Ring’s mobile app to reconfigure their device.
After obtaining a user’s WiFi login information, a hacker could then start attacking other devices connected to that network.
Bitdefender says the issue, which affected Amazon’s Ring Video Doorbell Pro model, has since been fixed.
After alerting Amazon to the discovery, the company issued a security fix as part of an automatic update.
News of the vulnerability comes as Ring faces scrutiny over its practices and involvement with law enforcement.
In a recent blog post, Ring revealed just how much data it gathers after it admitted to recording millions of children trick-or-treating on Halloween. The company, which says its doorbells were rung 15.8 million times that evening, even showed footage of different children.
According to its terms of service, the company reserves the right to use any video shared by its customers.
- Ring thought surveillance videos of trick-or-treaters were a good PR opportunity
- What is the Amazon Echo Show, and how does it work?
- Amazon Alexa is the home assistant you never knew you needed
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.