Beset by short sellers, Truth Social’s ‘patriots’ push for supporters to buy the Trump Media dip
EXCLUSIVE: Why did Minnesota accept and then reject a Muslim organizer for its genocide curriculum committee?
Marjorie Taylor Greene tries to block Israel aid with trolling amendment demanding ‘space laser technology’
Oklahoma education official Ryan Walters ends speech amid protest after saying ‘never back down to a woke mob’
‘A basic mistake’: Tepid pushback on Biden’s claim his uncle was eaten by cannibals flamed by conservatives
‘Five hours to reset a computer?’: Cybertruck owner says touchscreen broke after going to a car wash
‘I’m so proud of her!’: Far-right trolls post video bragging about their baby saying a racial slur
Military-themed brewery tries to raise investment capital by building massive beer can wall on the U.S.-Mexico border
‘Racism, sexism, classism all in one message’: A woman spent a year meeting men on right-wing dating app The Right Stuff
Bored, maybe reading, also incredibly focused: Trump attorney Alina Habba tries, fails to explain claim former president slept in court
Heavy rains, massive flooding in Dubai accused of being caused by cloud seeding gone wrong
Kyle Rittenhouse’s choice of Kent State for Second Amendment speech infuriates students
amazon-ring-doorbell-wifi

Wikipedia (CC-BY-SA)

Amazon Ring doorbells exposed users’ WiFi passwords

Usernames and passwords were transmitted unencrypted from Ring's app to the doorbell.

 

Mikael Thalen

Tech

Posted on Nov 7, 2019   Updated on May 19, 2021, 11:30 pm CDT

A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.

Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.

“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”

This means a hacker would either have to be close to the doorbell or already on a user’s WiFi network to grab their credentials.

To make matters worse, a hacker could still obtain a username and password even after the Ring device has been set up.

A hacker could make the doorbell to reenter the configuration mode by flooding the device with de-authentication messages, forcing it to disconnect from the WiFi network. A user would then be asked by Ring’s mobile app to reconfigure their device.

After obtaining a user’s WiFi login information, a hacker could then start attacking other devices connected to that network.

Bitdefender says the issue, which affected Amazon’s Ring Video Doorbell Pro model, has since been fixed.

After alerting Amazon to the discovery, the company issued a security fix as part of an automatic update.

News of the vulnerability comes as Ring faces scrutiny over its practices and involvement with law enforcement.

In a recent blog post, Ring revealed just how much data it gathers after it admitted to recording millions of children trick-or-treating on Halloween. The company, which says its doorbells were rung 15.8 million times that evening, even showed footage of different children.

According to its terms of service, the company reserves the right to use any video shared by its customers.

READ MORE: 

H/T CyberScoop

Share this article
*First Published: Nov 7, 2019, 7:16 pm CST

Mikael Thalen

Mikael Thalen is a tech and security reporter covering social media, data breaches, hackers, and more.

 

Featured Local Savings

Exit mobile version