Satoshi Nakamoto Blog

Your Amazon Ring doorbell may have leaked your Wi-Fi username and password


If you’ve ever expressed concern about the security implications of Amazon Ring connected doorbells; if you’ve ever voiced privacy concerns about letting Amazon have such a portal into your life… your fears have been justified.

It has just been revealed that a security flaw in the camera-toting devices made it possible for hackers to access customers’ Wi-Fi usernames and passwords. With these credentials, it would then be possible to launch a wider privacy-invading attack on households, accessing all manner of data and devices on home networks.

The issue was unearthed by security firm Bitdefender, which found that Amazon’s Ring Video Doorbell Pro is vulnerable when in configuration mode. The company explains that network settings are sent to the device from a mobile app via plain, unencrypted HTTP. Wi-Fi credentials that are transferred in this way are open to interception by nearby eavesdroppers and hackers.

Bitdefender says: “Another important step in exploitation is the fact that a hostile actor can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send deauthentication messages, so that the device gets dropped from the wireless network. At this point, the mobile app loses connectivity and instructs the user to reconfigure the device”.

Evan Greer, deputy director of privacy-focused Fight for the Future, is both unimpressed and unsurprised:

“This is a classic example of how more surveillance does not mean more safety. Amazon has consistently shown reckless disregard for privacy and civil liberties, but this is terrifying on a whole other level. Putting insecure cameras and listening devices around your home puts your family in danger. Congress should immediately investigate the threat posed by Amazon’s rapidly spreading, for-profit surveillance dragnet.”

The good news is that a security update has already been pushed out to the affected devices, but it is not known how many users may have fallen victim to this form of attack.




