Getting hacked sucks, but there’s something worse than that: getting hacked because of your own smart doorbell.
Ring is a popular smart doorbell that allows you to unlock your door from your phone, as well as see and hear visitors via a webcam.
“This event was off the charts”
Gary Vaynerchuk was so impressed with TNW Conference 2016 he paused mid-talk to applaud us.
According to Pen Test Partners, the attack was relatively trivial. To steal the password, it took removing the doorbell from the door using two screws, flipping it over and pushing the orange set-up button.
That button put the device into wireless AP mode for which allows you to paid it with your own network on your phone.
When connected, if you accessed the onboard chip’s HTTP server from a ‘/gainspan/system/config/network’ URL which had no authentication, you were able to see both the user’s network name and password in plain text.
The attack only takes a few seconds, and is scary given that the device is mounted on the outside of the house, where an attacker could easily access it, crack your network, re-asssemble the doorbell, then sit and steal your data on your Wi-Fi without your knowledge.
Ring says that you’d be aware this is happening because you’d get a push notification on your phone that someone’s at the door.
Pen Test Partners also says that Ring was quick to respond and fixed the vulnerability within two weeks of it being reported, though given that the lock has been on sale for some time, it’s concerning it wasn’t found earlier.
The vulnerability raises a number of existing concerns about the Internet of Things and the apparent onslaught of ‘smart’ devices coming into our homes.
As our thermostats, lightbulbs and door-handles are connected to the internet, we have to trust that the IoT vendors — which are often young startups — know what they’re doing and can ensure their devices are secure.
Obviously we’re not quite there yet.
➤ Steal your Wi-Fi key from your doorbell [Pen Test Partners]
Update: Ring says that all doorbells out there have been patched since the issue was made known to them.