A security vulnerability was found on the Amazon Ring Video Doorbell Pro, with researchers citing access point to home’s Wi-Fi password.
Cybersecurity company Bitdefender said that the product sends the homeowner’s Wi-Fi passwords in cleartext, the moment the doorbell joins the local network. Clearly, the glitch makes it easy for hackers to access the network.
Last October, a campaign called out Congress to investigate the surveillance network, which is the Ring doorbell camera. About 100,000 people signed up for the campaign as they believe Amazon shouldn’t be trusted with this kind of technology.
This issue has led to the investigation, prompting researchers to study how the product works and interact with the local network.
According to Bitdefender, “When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecured manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”
This flaw is a threat to homeowners and can potentially cause problems when hackers are able to break in.
After the security vulnerability broke news, Amazon was able to provide remedy and fix the issues.
Ring spokesperson said that Amazon prioritizes the security of customers and that ‘customer trust is important.’
Exposing the Wi-Fi passwords isn’t the first problem with Amazon’s Ring doorbell product. In fact, in February this year, researchers discovered that hackers can send fake images into the video feed and eavesdrop on audio and video.
According to BullGuard, using the right techniques, one hacker can access all incoming data packets and even send date into the feed. When a fake photo was connected to the homeowners, it could prompt unlocking of the door.
Another issue resurfaced earlier this year claiming that Ring employees actually watch customer’s videos. Amazon denied this accusation, however, reports show that Ring founder moved the company operations from San Francisco to Ukraine to save money. There are sources that claim various teams access unencrypted customer videos and live feeds.
There is also a report that Ring doorbells send data to a server run by the Chinese search engine company called Baidu.
Amazon bought Ring in 2018 for $1 billion and made developments of the product ever since. The company has relaunched Ring, creating security measures to prevent access to customer information.