No announcement yet.

Ring Doorbells used? HTTP to pass credentials unencrypted


  • Ring Doorbells used? HTTP to pass credentials unencrypted

    Amazon supposedly fixed this security vulnerability as reported here:




    The key issue with Ring exists in how users first configure the device, which requires the device’s smartphone app to use a wireless connection to send the wireless network credentials to the smart doorbell, researchers said.

    “This takes place in an unsecure manner, through an unprotected access point,” researchers wrote. “When entering configuration mode, the device creates an access point without a password (the SSID contains the last three bytes from the MAC address).”


    I have had an IoT device and based on how bad the security was on that, I've sworn off all IoT until companies can figure out that patching, security and not being first to market are important.


    If you ever change your network, or lets say the average user:

    - gets a new internet service provider

    - gets the default wifi router with their service

    - has to change the password as most do

    - doesn't pick secure passwords, and doesn't care


    They would be open to all sorts of attacks.



    While no Amazon Ring users at this point appeared to have been affected by the flaw, there was some considerable lag time between Bitdefender’s first disclosure of the problem to the company on June 20 and Amazon’s patch and coordinated disclosure of the flaw on Nov. 7.

    Bitdefender found the flaw.


    Here's another article that is more brief:




    Amazon has faced intense scrutiny in recent months for Ring’s work with law enforcement.


    The link above from the quote showed how Ring wanted to allow law enforcement agencies to hack your doorbell so they could see crimes, but what would stop the law enforcement from rifling around in your network if they wanted too.


    That's in addition to this:


    Where Ring wanted to hire a reporter to report on crime so they could raise fear and make people buy more ring devices.


    I think that's three strikes.

      Posting comments is disabled.



    Article Tags


    Latest Articles