A vulnerability has been discovered in Amazon doorbell cameras that hackers can exploit to gain access to the owner’s household computer network.
Ring Doorbells have become extremely popular amongst smart home enthusiasts. However, researchers at Bitdefender have discovered a vulnerability that could potentially cause a lot of harm for customers.
The flaw stems from the credentials of the local wireless network being sent over an unsecured channel, plain HTTP, which leaves the credentials exposed to anyone.
“The application and the device communicate over HTTP, not over HTTPS, as the best security practices warrant. HTTP is a ‘sniffable’ protocol, which means that everything exchanged between parties can be eavesdropped on by a potential actor within physical proximity,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.
A threat actor could exploit this vulnerability and obtain the doorbell owner’s Wi-Fi password and use it to engage with other devices on the same household network.
Threat actors could then gain access to security cameras and NAS storage devices, allowing them to steal private, sensitive images, videos, emails and documents. A man-in-the-middle attack could also become possible.
Alexandru “Jay” Balan, Bitdefender chief security researcher, told Infosecurity Magazine: “With access to a user’s Wi-Fi password and, implicitly, access to the user’s home network, there’s a lot that can be done since devices are less secure on the inside.
“It’s possible that someone could hack a local system that can output sounds (like a computer or a sound system) and make it say ‘Alexa, open the front door’; however, this is admittedly a stretch.”
The vulnerability was disclosed to Amazon on June 24, and as of now all Ring Doorbell Pro cameras have received a security update fixing the vulnerability.
A Ring spokesperson said: “Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched.”
The post #Privacy: Vulnerability detected in Amazon doorbell cameras appeared first on PrivSec Report.