Amazon Ring Video Doorbell Pro's Vulnerability

Sponsored by Amazon Ring Video Doorbell

Researchers have discovered a vulnerability in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker to intercept the owner’s Wi-Fi network credentials. But Amazon has quickly upgraded its security.

Check out this Video Ring Doorbell on Amazon

The vulnerability was part of a responsible disclosure process, was fixed and delivered via automated update by Ring’s dev team. Amazon’s Ring Video Doorbell Pro IoT is an immensely popular device with almost 17,000 reviews and more than 1000 answered questions on the Amazon.com website.

How the vulnerability worked

During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This allows the hacker to sniff the packets and find out the sensitive data it needs to connect to the user’s WiFi. Worthy mentions:

The attacker doesn’t need to know anything about the victim’s network and does not need to be associated with that WiFi access point. Sniffing WiFi packets broadcasted over unencrypted channels is standard in the WiFi RFC
Attackers can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send de-authentication packets, so that the device is dropped from the wireless network. At this point, the App loses connectivity and tells the user to reconfigure the device.

<br />

Impact

Once in possession of a user’s WIFI password, an attacker has full access to the network (worth mentioning that security on internal network is really lax with many devices (such as Smart TVs) allowing interaction even without any authentication whatsoever). Examples of possible things an attacker might do without user knowledge on Amazon Ring Video Doorbell:

Interact with all devices within the household network;
Intercept network traffic and run ‘man-in-the-middle’ attacks
Access all local storage (NAS, for example) and subsequently access private photos, videos and other type of information
Exploit all vulnerabilities existing in the devices connected to the local network and get full access to each and every device; that may lead into reading emails and private conversations
Get access to security cameras and steal video recordings

What the user needs to do

The Amazon Ring Video Doorbell already received an automatic security update that fixes the issue.

So, to be on the safe side Ring Video Doorbell Pro users can make sure they have the latest update installed and if this is the case, they’re safe.

Share via

Amazon Ring Video Doorbell Pro’s Vulnerability

How the vulnerability worked

Impact

What the user needs to do

Posted by Sponsored Article

Amazon Ring Video Doorbell Pro’s Vulnerability

You may also like

5 Statistics About Truck Accidents That You Should Know About

5 Safety Checks to Carry Out Before Moving Offices

Preventing Workplace Injuries and Accidents: A Comprehensive Guide for Safety Managers

4 Things To Know Before Replacing Door Locks

10 Best Budget Soundbars in the Philippines 2023

Why Filipino Engineers Must Have Two Credit Cards

How Law Firms Can Improve Efficiency and Productivity with Case Management Software

Keeping Maritime Workers Safe: A Multifaceted Approach

Raptor 18S | Automatic Stabilization and Closing

Innovation and Development Trends of Electronic Components in Engineering Applications

How To Improve Security And Safety Of Engineers In Business Premises

Top 10 Best Civil Engineering Review Centers in the Philippines

Jollibee Crew Emerged as Civil Engineering Topnotcher

How Two Mechanics Who Got Caught by a Wind Turbine Fire Helped the Wind Industry

Best Coffee Makers in the Philippines 2023 (Pros and Cons)

Top 10 Best Portable Generators in the Philippines (Engineers Review)