- TikTok users jokingly wear big hats to sneak snacks into movie theaters 7 Days Ago
- Why today’s new facially recognition bill is being called ‘woefully’ inadequate 7 Days Ago
- Facebook has given more user data to the government than ever before Today 2:57 PM
- Instagram included in Facebook transparency report for the first time Today 1:46 PM
- PayPal pulls out of Pornhub, leaving sex workers to consider cryptocurrency Today 1:46 PM
- Billionaires are resorting to making racist jokes against Warren now Today 1:30 PM
- What is the meme of the decade? Today 1:07 PM
- At least 5 employees resign from GitHub, citing ICE contract Today 12:57 PM
- The ‘Sonic the Hedgehog’ redesign was led by a ‘Sonic’ artist Today 12:17 PM
- The 16-inch MacBook Pro is a beast, and it has a decent keyboard Today 11:24 AM
- This group is scanning thousands of faces in Congress today to protest facial recognition Today 11:09 AM
- Why is everyone debating Pete Buttigieg’s Medicare for All stance? Today 10:47 AM
- The Motorola Razr is a foldable homage to millennial nostalgia Today 10:22 AM
- The ‘I’m baby’ meme gets much more literal on TikTok Today 10:20 AM
- MrDeadMoth avoids jail time for assaulting pregnant partner during live stream Today 9:21 AM
A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.
Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.
“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”
This means a hacker would either have to be close to the doorbell or already on a user’s WiFi network to grab their credentials.
To make matters worse, a hacker could still obtain a username and password even after the Ring device has been set up.
A hacker could make the doorbell to reenter the configuration mode by flooding the device with de-authentication messages, forcing it to disconnect from the WiFi network. A user would then be asked by Ring’s mobile app to reconfigure their device.
After obtaining a user’s WiFi login information, a hacker could then start attacking other devices connected to that network.
Bitdefender says the issue, which affected Amazon’s Ring Video Doorbell Pro model, has since been fixed.
After alerting Amazon to the discovery, the company issued a security fix as part of an automatic update.
News of the vulnerability comes as Ring faces scrutiny over its practices and involvement with law enforcement.
In a recent blog post, Ring revealed just how much data it gathers after it admitted to recording millions of children trick-or-treating on Halloween. The company, which says its doorbells were rung 15.8 million times that evening, even showed footage of different children.
According to its terms of service, the company reserves the right to use any video shared by its customers.
- Ring thought surveillance videos of trick-or-treaters were a good PR opportunity
- What is the Amazon Echo Show, and how does it work?
- Amazon Alexa is the home assistant you never knew you needed
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.