Amazon Ring fixed a security vulnerability in its Ring doorbell that could have potentially allowed hackers to get Wi-Fi passwords and access homeowners’ networks.
The cybersecurity research company, Bitdefender, exposed the Amazon Ring flaw in a case study. The company found the vulnerability when the Ring doorbell is first configured to a Wi-Fi network. According to the case study, the initial connection allows an access point to the network without a password using HTTP.
“Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network. All these exchanges are performed through plain HTTP. This means the credentials are exposed to any nearby eavesdroppers,” the case study reads.
The hacker is able to trick the Ring device into malfunctioning, therefore causing the homeowner to try to reconfigure it, which is when a nearby hacker can slip into the network and gain access and possibly organize a larger attack against the network.
Bitdefender said that Amazon was made aware of the issue in June. A Ring spokesperson told Digital Trends that the issue has been fixed.
“Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched,” the spokesperson told us.
A previous Ring security flaw was found earlier this year that could have allowed hackers to access video and audio from the doorbell, making it easy for a hacker to spy on the homeowner and any other member of their family. Amazon updated the Ring app to address the vulnerability.
The Amazon Ring doorbell has received other criticisms for privacy issues before, namely for its partnerships with police departments.
In July, Motherboard reported that Amazon struck up deals with local police departments to encourage people to buy its Ring security products in exchange for free Ring video doorbells and access to a police-focused Ring portal.
A Ring spokesperson previously told Digital Trends that Ring partners with law enforcement agencies to make neighborhoods safer and that the partnership allows the community to find out about crime and safety information.
Still, many are concerned about the risks that surveillance partnerships bring. Last month, the civil rights group Fight for Future wrote a letter to elected officials calling on Amazon to stop its police partnerships.
Fight for Future said that Amazon has not been transparent in its plans to integrate facial recognition software into its Ring cameras. The group also says the partnership poses a “serious threat to civil rights and liberties, especially for black and brown communities already targeted and surveyed by law enforcement.”
- Ring’s defense of recent hacks is as shoddy as its security, lawyer claims
- Ring admits employees have improperly accessed customers’ doorbell videos
- Data leak exposes personal info of more than 3,000 Ring users
- Hacker accesses Ring camera in little girl’s bedroom to tell her he’s Santa
- Ring and Amazon slammed with a federal lawsuit over failed camera security