1 min read

Unsecure Video Doorbells Flood the Market, Researchers Find

Silviu STAHIE

December 03, 2020

Unsecure Video Doorbells Flood the Market, Researchers Find

Many of the smart video doorbells on the market harbor severe vulnerabilities and physical weaknesses, a report by NCC Group and Which? found.

Smart video doorbells fill a particular niche in the IoT segment. And, while they don’t really fulfill some must-have functions, they usually come with many problems. If you’re a US citizen, police might access your doorbell footage or live feed. Similar products from around the world have exposed recorded videos or allowed attackers to take control.

Once you install a video doorbell, there’s no escape from a simple fact — controlling where and how the data is stored becomes a struggle that regular users find difficult to overcome. What makes the situation even worse is that the IoT and video doorbell industries are poorly regulated, and some companies just do as they please.

The NCC Group and Which? study looked at 11 smart doorbells found in various online marketplaces. While only a few are from well-known brands, many are available on Amazon, eBay and Wish. Their main advantage is price, but that’s where it stops.

For example, the researchers found that the hardware of the Victure VD300 sends the Wi-Fi name and password to servers in China unencrypted. Moreover, customers can find identical but unbranded copies on various other websites.

Another popular doorbell, the Qihoo 360 D819, allowed attackers to detach it from the wall, reset it and sell it as new. The recordings themselves are stored unencrypted.

As for the other models, some of the more common vulnerabilities included susceptibility to KRACK (Key Reinstallation AttaCKs), lack of data encryption, excessive data collection and poor security policies.

The only way to properly secure the marketplace is to implement IoT security guidelines, which are only now in the process of deployment. It will take a few years for the market to comply fully.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Google Prepares to Reset App Permissions on Billions of Devices Google Prepares to Reset App Permissions on Billions of Devices
Silviu STAHIE

September 20, 2021

1 min read
Sideloading Android Apps - Bane or Blessing for Android Users Sideloading Android Apps - Bane or Blessing for Android Users
Silviu STAHIE

September 20, 2021

2 min read
FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches
Silviu STAHIE

September 17, 2021

1 min read