Amazon Ring doorbell has gained traction in the last couple of years and has pushed Amazon to add more products to their smart home lineup. Along with adding new products, Amazon has also doubled-down on security and privacy of those using these devices. However, as the case is with any smart home devices, the Amazon devices are prone to vulnerabilities and hacks.
According to Bitdefender, Amazon Ring doorbells have security flaws and are leaking password for the Wi-Fi networks of their users. The issue was found in Ring Video Doorbell Pro and could allow hackers to extract the Wi-Fi password. Bitdefender explained the vulnerability in a blog post, and according to them, Ring doorbells are sending the password needed to join in cleartext. This could be intercepted by hackers who can use it to connect to a home Wi-Fi network. One of the reasons why this seems so easy is because the data is sent over an unencrypted connection.
When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.
They further explained that hackers could trigger a reconfiguration of the device by overloading it with deauthentication messages, disconnecting it from the Wi-Fi. When this happens, the mobile app will lose connectivity and will ask the user to reconfigure the device, giving hackers a way in.
Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched.
– Bitdefender (via TechRadar)
Amazon has rolled out a new update to Ring Video Doorbell Pro users to fix the vulnerability. If you’re using the device, then make sure you have installed the latest update to prevent any attacks.