Amazon Ring Video Doorbell Pro’s Vulnerability

How the vulnerability worked


102
Share via
1 share, 102 points
Share via

Sponsored by Amazon Ring Video Doorbell

 

 

Researchers have discovered a vulnerability in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker to intercept the owner’s Wi-Fi network credentials. But Amazon has quickly upgraded its security.

Check out this Video Ring Doorbell on Amazon

The vulnerability was part of a responsible disclosure process, was fixed and delivered via automated update by Ring’s dev team. Amazon’s Ring Video Doorbell Pro IoT is an immensely popular device with almost 17,000 reviews and more than 1000 answered questions on the Amazon.com website.



 

How the vulnerability worked

During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This allows the hacker to sniff the packets and find out the sensitive data it needs to connect to the user’s WiFi. Worthy mentions:

  • The attacker doesn’t need to know anything about the victim’s network and does not need to be associated with that WiFi access point. Sniffing WiFi packets broadcasted over unencrypted channels is standard in the WiFi RFC
  • Attackers can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send de-authentication packets, so that the device is dropped from the wireless network. At this point, the App loses connectivity and tells the user to reconfigure the device.


 

Impact

Once in possession of a user’s WIFI password, an attacker has full access to the network (worth mentioning that security on internal network is really lax with many devices (such as Smart TVs) allowing interaction even without any authentication whatsoever). Examples of possible things an attacker might do without user knowledge on Amazon Ring Video Doorbell:

  • Interact with all devices within the household network;
  • Intercept network traffic and run ‘man-in-the-middle’ attacks
  • Access all local storage (NAS, for example) and subsequently access private photos, videos and other type of information
  • Exploit all vulnerabilities existing in the devices connected to the local network and get full access to each and every device; that may lead into reading emails and private conversations
  • Get access to security cameras and steal video recordings
Read more  #LeadersTalk with Olympus Scientific Solution
Buy this Amazon Ring Doorbell today

What the user needs to do

The Amazon Ring Video Doorbell already received an automatic security update that fixes the issue.

So, to be on the safe side Ring Video Doorbell Pro users can make sure they have the latest update installed and if this is the case, they’re safe.

Share via


Like it? Share with your friends!

102
Share via
1 share, 102 points

0 Comments

Your email address will not be published. Required fields are marked *

I accept the Privacy Policy * for Click to select the duration you give consent until.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Send this to a friend