Critical vulnerability in Ring smart doorbells; WiFi network users’ information leaked

Although people buy video camera doorbells from Ring manufacturer hoping to increase the security of their homes, a flaw in the software of these devices could expose its users to a new security risk. According to experts in ethical hacking, the flaw would allow a threat actor to extract username and WiFi password from the doorbell user.

According to Bitdefender’s report, the security firm in charge of reporting the vulnerability, Ring’s parent company was informed of this flaw last June; the vulnerability was corrected in the Ring update for September.

It should be remembered that Ring is a company dedicated to the manufacture of doorbells with surveillance camera; almost two years ago, this company was acquired by Amazon for almost $850 million USD. Currently, these surveillance systems are linked to at least 580 police departments in the United States, integrating a neighborhood surveillance network, ethical hacking experts report.

Explained in this way, installing Ring devices in homes would seem like a good idea, although not everyone thinks their use is recommended. Privacy specialists have expressed concern that these systems connect directly to police stations, as well as the obvious exposure to threat actors.

An additional concern is that this is not the first time experts found vulnerabilities in Ring. A couple of years ago, experts at Pen Ten Partners discovered a series of flaws in these devices that, if exploited, allowed hackers to extract passwords from the WiFi network to which the doorbell connects. Other research has shown that it is possible to extract real-time images from these devices. 

Ethical hacking experts mention that the vulnerability lies in the connection between the video camera and the Ring app. When setting up a device for the first time, the app must send a sign-in record from the WiFi network to the doorbell. Because this information is sent over an unencrypted network, any hacker could perform a Man-in-the-Middle (MiTM) attack to intercept the sent data. It is important to note that the attacker must be in a location close to the signal from the target WiFi network.

Man-in-the-Middle Attack

After the latest security issue was revealed in Ring, the company released a statement: “The security of our devices and the trust of our users are the most important thing to us. We want to report that a security update was released to address the reported failure; the problem has already been corrected.”

Due to its characteristics, this attack can only occur during the device configuration process, mentioning ethical hacking specialists from the International Institute of Cyber Security (IICS). However, a hacker could also send fake messages to a user to try to trick them and have them set the ring from scratch again, although the complexity of this scenario increases considerably.