RING DOORBELLS have been found to have a vulnerability which could let a passing hacker attack your entire WiFi network.
Researchers at Bitdefender discovered the flaw back in June and have been working with Amazon-owned Ring to mitigate it. To be utterly fair to Ringazon, a partial fix has been deployed, for the 'Pro' model featured in this report.
Anyway, back to the muckraking. Ring is largely cloud-based product but during setup, your WiFi credentials are shared with the device. This takes place with no encryption.
That means that if someone was near your house and had a mind, all they'd need to do is enter setup mode on the doorbell (we won't tell you how to do that here, lest we become part of the problem), and connect to the Ring's WiFi network which becomes active. Then, using a packet sniffer, the attacker simply needs to wait for the WiFi network credentials to be sent, in the clear, to the doorbell, where they can be easily intercepted.
Bitdefender points out that there is a slight break in the chain, caused because the doorbell will still work as a doorbell, meaning that the owner may not be alerted to the problem until they try and use the app. As such, it relies on the hacker having physical access to the doorbell, you not noticing them fiddling with it, and then for you to notice that the doorbell is offline in a reasonable timeframe.
It sounds far fetched, but if it can be exploited, someone will try, so it remains important to get this mitigated as quickly as possible.
Bitdefender reports that Ringazon has been cooperative without, and is already working on a wider fix.
Given that the setup process for many other smart home products is similar, the rush is now on to see if any other brands have made the same mistake. μ
Hype for HyperThreading
Hey kids, leave them iPhones alone
The Mac lady sings
Babel in yo ear