Vulnerability In Ring Doorbells Left the Door Open for Hackers to Open the Door
Bitdefender–the tireless actuary of the Internet of Things–were able to crack into homeowner’s personal WiFi networks via Amazon’s Ring doorbells, the video-enabled auto-locks that allow homeowners to remotely open the door. And as Bitdefender’s Chief Security Researcher Jay Balan told Gizmodo over the phone, once a bad actor has access to a home network “it’s game over.”
Balan told us that the vulnerability was discovered following a request from PCMag to look into the device and that it’s now been patched. The process of taking advantage of the security hole was tedious, he said, as the Ring typically communicates with your device via the company’s cloud services. The only insecure exchange between the app and device is the authentication process, so a hacker would have to kick the device off your network by aggressively sending the network de-authentication messages. The Ring would then appear to go offline. The hacker would have to wait within proximity of your WiFi (like right outside your home) until you notice that the device is offline. And when you reenter your credentials on the Ring, the hacker would be able to scoop them up.
A daring hacker with the patience to do this still wouldn’t be able to use the Ring app, but an imaginative mind could still find a way into your home. “There’s no other vulnerability that we discovered, but there are a million scenarios that you can run,” Balan told Gizmodo. “Let’s say there’s a vulnerable speaker system on the home network; many speaker systems accept people’s music without any authentication. A very possible scenario is that you could send an audio file to the speaker that says Alexa, open the front