Ding-Dong -- Your Easily Hacked 'Smart' Doorbell Just Gave Up Your WiFi Credentials
from the not-so-smart-devices dept
Have we mentioned lately that when it comes to the so-called "internet of things," security is an afterthought? Whether it's your automobile, your refrigerator or your tea kettle, so-called "smart" internet of things devices are consistently and alarmingly showing that they're anything but. If these devices aren't busy giving intruders access to your networks and passwords, they're often making life more difficult than so-called dumb devices. Last week, for example, the popular Nest smart thermostat simply stopped working after a software update, resulting in thousands of customers being unable to heat their homes.
Now yet another security problem has been revealed in the Ring smart video doorbell, which lets you see who's at your front door via a smartphone app. According to a blog post by Pen Test Partners, all an intruder needs to do is remove two screws and press a big orange reset button, and they're able to access the configuration URL for the entire system, which can be chained with other devices including door locks and home security cameras:
"If the URL /gainspan/system/config/network is requested from the web server running on the Gainspan unit, the wireless configuration is returned including the configured SSID and PSK in cleartext. The doorbell is only secured to its back plate by two standard screws. This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL. As it is just a simple URL this can be performed quite easily from a mobile device such as a phone and could be performed without any visible form of tampering to the unit."In short, your smart doorbell could potentially make you immeasurably less secure, without any visible signs of tampering to the outside unit. This is, the researchers have warned in a previous post, similar to a vulnerability common in a popular smart bathroom scale, which can be easily tricked into sharing a user's WPA-PSK. Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it's one more example of "smart" technology being a great advertisement for more traditional, dumb devices.
And despite notable experience with security issues, broadband ISPs that have been eager to jump into the smart home arena aren't having much more luck. A flaw was recently exposed in Comcast's Xfinity home security and automation service, allowing a hacker to trick the system into reporting an "all clear" state by jamming the 2.4 GHz radio used by the service. The security service would then report that everything was fine for up to three hours, and once communication was re-established with the service base station, the system never informed the user there was a problem. So smart!
At the end of the day, if you're interested in a smarter, more secure home, you may want to consider a dog.
Filed Under: doorbell, iot, privacy, security, smart doorbell
Reader Comments
Re:
[ link to this | view in chronology ]
Design flaw
Look at any doorknob/deadbolt lockset and you'll see they're dismountable on the inside only.
This doorbell/camera should have two parts: the main unit on the outside and the controller on the inside. Single units on the outside are just asking for trouble.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Ding Dong
Oh yeah, it is also a trademarked snack cake item. Tasty!
[ link to this | view in chronology ]
Multiple Router SSIDs
Or, at a minimum, a remote sensor and an inside transmit unit!
[ link to this | view in chronology ]
And They Said It Was Impossible
[ link to this | view in chronology ]
Since the Ring is a motion sensing camera you will also have a video of someone unscrewing your doorbell from the wall :) and since it can be configured to alert you when the camera is "on" you could even start talking to the person tampering with your doorbell. Something like "I would work a little quicker if I were you, the Police are on the way" should be enough to do the trick ;)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Bad lock no signal
You know who didn't suck at locks? No..really I can't think of anyone. Locks are hard. Heck the Chinese Emperor of the terra cotta army had to bury himself under a darned hill with traps and that still won't work.
[ link to this | view in chronology ]
Re: Bad lock no signal
[ link to this | view in chronology ]
Re: Bad lock no signal
Problem is, if your front door lock is hard to pick, and you get locked out of home... how do you get back in? If a locksmith can't pick the lock for you, then it's time to drill the lock out and replace it. Of course, if you want to protect against other parties drilling the lock out just as easily, then you are victim to the same difficulties if you ever need to break in.
Physical locks don't *have* to be easy to pick. But most people want them that way, at least in their homes.
[ link to this | view in chronology ]
These devices are non-secure by design. They have been intentionally made to be hacked and you are supposed to run out and get you some of that.
[ link to this | view in chronology ]
The Internet of things including thermostats
[ link to this | view in chronology ]
Of the few people I know who have been fooled into putting even just a "smart" thermostat in their homes, not one is what I would consider "smart".
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Here is where it was originally Reported.
https://www.pentestpartners.com/blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/
Way down on the bottom of the page it says FIXED!!! This topic is now fear mongering or an issue that's already been taken care of. Anyone with a RING Doorbell is already cured!!!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
You are supposed to not think about what could possibly go wrong and simply buy their crapware and submit to their spying. What the hell is wrong with you?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
This is a doorbell, ffs.
Who the hell needs a doorbell anyway, make 'em knock on the door. Hey, is there an internet connected door knocker?
[ link to this | view in chronology ]
Re:
Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it's one more example of "smart" technology being a great advertisement for more traditional, dumb devices.
That it was a problem that was quickly fixed wasn't the point of the article, the point was showing yet another example of how 'smart' devices can be really stupid and open up security vulnerabilities and/or cause other problems.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: JBDragon
So no, not fear mongering, but instead educational content warning people of the actual/real/physical dangers these devices pose for the people that are on the inside of a house that is 'protected' by this device.
[ link to this | view in chronology ]
HELP!
[ link to this | view in chronology ]
This episode should be a warning to all IOT companies and potential customers, but also an example of an IOT company handling a discovered problem as well as possible.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
No amount of 'firmware upgrade' is going to change the fact that 2 screws and a big red^H^H^H orange button are all that keep the bad guys from connecting to the device's management interface.
What IDIOT thought it was a good idea to put the private access zone on the insecure side of the device? (probably the same one who doesn't know how to use a drill to bore a hole through the door!)
There's an old adage... "never trust a programmer with a screwdriver."
[ link to this | view in chronology ]
The problem here is
[ link to this | view in chronology ]
Re: The problem here is
[ link to this | view in chronology ]
pounding square pegs in a circle
[ link to this | view in chronology ]
Also, in Russia, doorbell rings you.
[ link to this | view in chronology ]
Re:
Unfortunately, dogs have a fatal design flaw in that they are alive and like to eat. A zombie dog would be a safer bet, since they wouldn't be interested in the steak laced with strychnine. An added benefit is their love of human brains.
In all seriousness though, dogs are far more expensive than a cheap doorbell, which is why they tend to not have as much of an acceptance rate, plus attackers can easily trap the dog in a closet with a steak and go about their nefarious activities.
[ link to this | view in chronology ]
Re: Dogs
Dogs are good to warn you of an intruder. They might even scare off a non-violent intruder. In a home invasion, or if you are not there what you're most likely to end up with is a dead dog.
[ link to this | view in chronology ]
My thoughts as a Ring Owner
So if somebody got my WiFi credentials by this method I would change the password. While it is unfortunate that they did not properly secure the device in the first place, in this case the company did the right thing and immediately acknowledged and corrected the issue. Which I suspect not all internet of things manufacturers will do.
[ link to this | view in chronology ]
Re: My thoughts as a Ring Owner
[ link to this | view in chronology ]
Biggest Intruder
Let's demand free/libre software in "smart" devices, as in computers.
See http://gnu.org/philosophy/free-software-even-more-important.html.
[ link to this | view in chronology ]
Amazing Info
[ link to this | view in chronology ]
Skybell Vs Ring
[ link to this | view in chronology ]
So it's fixed?
So everything leading up to this sentence is moot? There was a problem, they fixed it, right?
And besides, the motion-sensing doorbell would notify you when someone was trying to remove it, so you'd be tipped off.
[ link to this | view in chronology ]
‘Wi-Fi deauthentication attack’
1) Why not just flood the target access point with deauthentication packets? This will cause the target access point to disconnect the wireless doorbell from the network??? No wifi no notification??
[ link to this | view in chronology ]