Vulnerability in Ring Doorbell Fixed After Discovery that Hackers Could Supply Fake Images

news-ring-doorbell-vulnerability-featured

If you have a Ring Doorbell, you most likely have it because it gives you a sense of security, knowing that you can watch video and get pictures of people on your doorstep. But it turns out it’s not always as safe as it should be, though Amazon patched its latest vulnerability that would allow hackers access to your Ring and possibly even add fake photos into your feed.

Ring Doorbell Vulnerability

If you have a newer version of the app that goes along with the Ring doorbell, you’re set, as the company, owned by Amazon, has patched the app to solve the vulnerability. Those still running older versions of the app, however, could still be at risk.

Researchers from Dojo by BullGuard published a report of the vulnerability after finding that if a hacker is able to use the right techniques, they can access the incoming data packets. This would allow them to listen to the live feed, as it wasn’t effectively encrypted.

At worst, if the hacker had access to the user’s Wi-Fi, they could have inserted data into the feed for the Ring Doorbell before it reached the older version of the app. In at least one attack, the method used to insert data could insert doctored images so that the Ring user would be fooled and think it was safe to open the door.

This is not the first time vulnerabilities have been found in Ring devices. There were reports earlier this year that Ring was allowing their employees to watch videos recorded by users; however, Ring denied this news. It’s unknown if they encrypt the video footage or use other security measures to protect data, as they don’t publish that information.

news-ring-doorbell-vulnerability-content

Last May it was reported that the company allowed password changes and never signed users out after they were logged in once. A year before that, users found that their cameras were sending data to a Chinese serve that was being run by the Baidu search engine. It’s not known why, but Ring said earlier this month that it “was not a cause for concern; however, Ring updates its devices’ firmware regularly.”

Ring Not Respecting User Privacy

But with all these reports, it seems Ring doesn’t value user privacy much. It’s easy for them to see these data leaks aren’t of concern, but they don’t offer explanations, and it seems that it’s happening too often. It’s great that they patch these vulnerabilities, but what harm is being done in the meantime?

Ring doorbells are a security product. The reason anyone buys and installs the system is to keep their home secure, so that they can keep record of who’s on their doorstep. That the data is being sent through other servers, that you’re not signed out, and that someone could infiltrate your system to either listen in or send fake images is a big deal.

Perhaps, however, this is only being reported because Ring is such a titan in the industry. Maybe this isn’t so much a Ring problem but something throughout the security camera industry. If that’s the case, it should definitely be a buyer beware type of thing, and users should do research on what happens to their data before they purchase any security camera.

I know for myself, when I set up my camera, I chose to not host my video in the cloud and opted instead to use a a micro SD card to store it locally. However, the images and video are still sent from my camera to my device, so they are still being sent through some server. It’s up to me to find out how secure that system is.

Do you use a Ring doorbell? Are you worried about the vulnerabilities? Let us know in the comments below.

Image Credit: Robert Nelson and Fastily via Wikimedia Commons

One comment

  1. And so WiFi proves once again to be the Achilles’ heel of an IoT device.

    I wonder what other undiscovered or undisclosed vulnerabilities lurk within the Ring Doorbell? The IoT industry is so hell-bent on selling their devices that security of those devices is overlooked.

Comments are closed.