Amazon Doorbell Camera Lets Hackers Access Household Network
A vulnerability detected in Amazon doorbell cameras made it possible for hackers to gain access to the owner's household computer network.
The weakness in the Ring Video Doorbell Pro IoT device was discovered by researchers at Bitdefender in June of this year. Researchers found that the credentials of the local wireless network were being sent through an unsecured channel using plain HTTP during the doorbell's setup process.
By exploiting the flaw, an attacker physically near the device could get hold of the doorbell owner's Wi-Fi password and use it to interact with all the devices in the owner's household network.
With the ability to communicate with devices such as security cameras and NAS storage devices, an attacker could access and steal private photos, videos, emails, and documents. It would also make it possible for an attacker to mount man-in-the-middle attacks.
According to Bitdefender chief security researcher Alexandru “Jay” Balan, the vulnerability could even have allowed a particularly determined hacker to gain physical access to a property.
Balan told Infosecurity Magazine: "With access to a user's Wi-Fi password and, implicitly, access to the user's home network, there's a lot that can be done since devices are less secure on the inside.
"It's possible that someone could hack a local system that can output sounds (like a computer or a sound system) and make it say 'Alexa, open the front door'; however, this is admittedly a stretch."
The video doorbell is an immensely popular home security device, with almost 17,000 reviews and more than 1,000 answered questions on the Amazo ..