WTF! Now Even Doorbells Can Leak Passwords

Just when you thought staying away from WhatsApp and Facebook will ensure the security of your data, this is something that makes you feel unsafe even at home


Just about a couple of months ago, Amazon had proudly presented a whole new series of gadgets that could make our homes connected in every which way possible with the company slowly taking over the voice space like never before. Jeff Bezos now owns every part of our house, right from our spectacles to that microwave oven sitting quietly in the kitchen and everything in between.

What’s more, Bezos set the agenda for multiple and simultaneous wake words where customers can choose a voice that best supports an interaction via Alexa. Work on this is progressing at a frenetic pace after Amazon took the lead by forming a new consortium called the voice interoperability group that is creating global standards and technology for hardware to handle voice services.

Amidst all this noise, there is a low decibel challenge that Amazon is suddenly facing in the form of a vulnerability that security researchers found on Ring, an outdoor home security that provides homeowners with a line of secure doorbells and cameras. And, the impact could prove to be a monumental disaster as it was exposing passwords and Wi-Fi networks to hackers.

Zack Whittaker writing in TechCrunch quotes global security technology major Bitdefender to suggest that the doorbell was sending the owner’s Wi-Fi passwords in cleartext allowing hackers to intercept them and gain access to the entire network from where they could possibly launch larger and broader attacks or conduct surveillance in some form.

The security company says that while configuring the device, the smartphone app needs to send the wireless network creds which happens in an unsecure manner through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network, Bitdefender is quoted as saying in the article.

Since these transactions happen in an environment that is not encrypted, data gets exposed while moving through the air. The article says the vulnerability was exposed only on Thursday though Amazon had already gotten it fixed. In the past, the company had been up for scrutiny as it was found that Ring had close associations with police departments.

In fact, Amazon was trolled over social media after it revealed that during Halloween recently, it had shared data about tracking children using the data that it routinely stores from the Ring doorbell. Which once again proves that having a connected home may be useful on occasions but it is hardly fool proof and could well hand over charge of the house to someone smart enough to hack into it.

Looks like the Smart House isn’t all that smart after all!

TAGS: Amazon, Snooping, Hacking, Ring