1 min read

Ring Video Doorbell Pro Under the Scope

Bitdefender

November 06, 2019

Ring Video Doorbell Pro Under the Scope

This article – part of a series developed in partnership with PCMag – aims to shed some light about the security of world’s best-sellers in the IoT space. PCMag contacted the research team at Bitdefender and asked us to have a look at several popular devices, including the Ring Video Doorbell Pro. More info about this project is available here.

Bitdefender researchers have discovered an issue in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a larger attack against the household network.

Vulnerability at a glance

When entering configuration mode, the device receives the user’s network credentials from the smartphone app. Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.

Another important step in exploitation is the fact that a hostile actor can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send deauthentication messages, so that the device gets dropped from the wireless network. At this point, the mobile app loses connectivity and instructs the user to reconfigure the device.

Automatic update already delivered

At the moment of publishing this paper, all Ring Doorbell Pro cameras have received a security update that fixes the issue described herein.

More information is available in the technical whitepaper below:

Download the whitepaper

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE
9 min read
Debugging MosaicLoader, One Step at a Time Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU
1 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Bitdefender

July 14, 2021

10 min read