When you connect a smart security device to your home network, you assume that it’s helping to keep you safe. Unfortunately, for some owners, it may be exposing them in a different way. Security researchers at Internet of Things security firm Dojo by BullGuard took to the stage at Mobile World Congress to hack an Amazon Ring video doorbell in real time. The successful exploit took advantage of a security vulnerability that could leave audio and video transmissions exposed to third-party attackers.
The attack is a bit of a complicated one, but it works like this: An attacker gains access to a person’s Wi-Fi network, either by guessing the password, cracking the encryption, or exploiting another smart home device connected to the same network. The attack requires the Ring owner to be connected to the same network, as well. Once connected, the attacker can see audio and video as it is transmitted from the Ring video doorbell to the Ring application used by the owner. That footage is unencrypted when transmitted, making it easy to intercept once a hacker has gained access.
Being able to access video and audio from the doorbell makes it easy for a hacker to spy on the homeowner and any other member of their family. But the attacker could take things a step further and actually inject their own footage. That might include taking footage of a family friend or other regular guest like a babysitter knocking at the door, which the hacker might use to trick the homeowner into unlocking the door remotely.
“Ring is a well-respected IoT brand, however, the vulnerability we discovered in the Ring video doorbell reveals even highly secure devices are vulnerable to attack,” Yossi Atias, general manager of Dojo by BullGuard, said in a statement. “This particular vulnerability is complex because it is between the cloud and the Ring mobile app, and is acted upon when the Ring video doorbell owner is away from home – meaning the package delivery person, housecleaner or babysitter might not actually be the same person at your door. Letting someone you ‘think’ you know into your home could potentially have dire consequences, particularly if your kids are at home.”
If you are a Ring owner, you don’t need to panic too much about the hack. Amazon has been made aware of the issue and has issued an update to its Ring app to address the vulnerability. If you keep your app up to date, you should be protected from this particular attack.
“Customer trust is important to us and we take the security of our devices seriously,” a spokesperson for Ring told Digital Trends. “The issue in the Ring app was previously fixed and we always encourage customers to update their apps and phone operating systems to the latest versions.”