What you need to know
- A design flaw could have allowed anyone nearby to steal your Wi-Fi password via your Ring Video Doorbell.
- Ring was made aware of this flaw in June and has just issued a patch on November 7.
- Users won't need to do anything, as this update is automatic.
While you were passing out candy to trick-or-treaters this Halloween, you probably weren't too concerned about little ghouls stealing your Wi-Fi passcode via that handy video doorbell, were you? That exact scenario was apparently possible but, thankfully, Ring was aware of the issue and has patched the nasty little bug. Research firm Bitdefender found the issue in June and notified Amazon via the HackerOne bug bounty program, but it took until November for this to be patched. A Ring spokesperson has this to say:
Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it's since been patched.
Here's how this vulnerability could have played out. Your neighbor, or anyone within Wi-Fi range of your doorbell, could send fake "deauthentication messages" to the doorbell, thus causing the doorbell to think it was offline. The owner of the doorbell would eventually receive a notification from the Ring app detailing that the doorbell was offline, triggering the usual troubleshooting steps of resetting the doorbell.
Once the doorbell was reset and began the process of pairing with your Wi-Fi network, the hacker near you would be able to easily get your credentials because Ring originally chose to send these credentials via an unsecured HTTP connection. Companies like Google have been bolstering security for years by helping users identify when websites are safe, but devices like video doorbells aren't necessarily going to be as transparent in how they communicate.
IoT (Internet of Things) devices are a particularly worrisome group of devices because they often go unpatched for lengthy amounts of time, owing to poor support or small profit margins that don't encourage companies to provide long-term support. Since devices like video doorbells, smart thermostats, and connected lightbulbs are always on and always connected to your home network, it's incredibly important to choose products from manufacturers who have proven they can help prevent attackers from gaining control of your network or personal information.
This isn't the first time we've seen Ring have some privacy issues, including allegations of spying and warrantless viewing of footage from police. While a lot of this sounds nefarious, Ring has shown good effort in righting its wrongs and patching issues when they appear.
We may earn a commission for purchases using our links. Learn more.
How to take better smartphone photos in any conditions or lighting
That smartphone you're holding not only has a camera, but it probably has a decent one capable of taking good photos. Getting better shots is a matter of knowing the camera you have and following some basic fundamentals wherever you are. With so many features and effective software increasingly helping get the job done, it still helps to know how to wield your device to capture images...
The new Fitbit Charge 4 brings built-in GPS to your wrist for just $150
The Fitbit Charge 4 is the first new product to be released since Fitbit’s announced acquisition with Google, and while it’s a fairly minor update, the Charge 3 foundation was already really solid. From built-in GPS, Activity Zone Minutes, and more, here’s what’s new!
Are you still using a Galaxy S9 in 2020?
The Galaxy S20 may be the newest Samsung phone on the market, but what happened to the Galaxy S9? Is anyone still using it here in 2020?
Make your bedroom smarter and your mornings brighter
We often focus on smart home tech for the rooms in the home where people often congregate, like the living room, rec room, basement, kitchen, or even backyard. But what about the bedroom? There's plenty of smart home tech that is perfectly suited to the bedroom, helping you get a better night's rest or a more refreshed wake-up experience.