Satoshi Nakamoto Blog

Your Amazon Ring doorbell may have leaked your Wi-Fi username and password


If you’ve ever expressed concern about the security implications of Amazon Ring connected doorbells, or voiced privacy concerns about letting Amazon have such a portal into your life, your fears have been justified.

It has just been revealed that a security flaw in the camera-toting devices made it possible for hackers to access customers’ Wi-Fi usernames and passwords. With these credentials, it would then be possible to launch a wider privacy-invading attack on households, accessing all manner of data and devices on home networks.


The issue was unearthed by security firm Bitdefender, which found that Amazon’s Ring Video Doorbell Pro is vulnerable when in configuration mode. The company explains that network settings are sent to the device from a mobile app via plain, unencrypted HTTP. Wi-Fi credentials that are transferred in this way are open to interception by nearby eavesdroppers and hackers.

Bitdefender says: “Another important step in exploitation is the fact that a hostile actor can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send deauthentication messages, so that the device gets dropped from the wireless network. At this point, the mobile app loses connectivity and instructs the user to reconfigure the device”.
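For defenders, the sustained deauthentication that Bitdefender describes is visible in wireless monitoring data. The following is an added example, not code from Bitdefender, Ring or the original article: it flags any client that receives a burst of deauthentication frames in a short window. The log format, MAC addresses, window and threshold are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque

# Assumed log format (constructed for this example):
#   <epoch_seconds> DEAUTH bssid=<ap_mac> sta=<client_mac> reason=<code>
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) DEAUTH bssid=(?P<bssid>[0-9a-f:]{17}) "
    r"sta=(?P<sta>[0-9a-f:]{17}) reason=(?P<reason>\d+)$",
    re.IGNORECASE,
)

def find_deauth_floods(lines, window=10.0, threshold=20):
    """Return {station_mac: peak_count} for every station that received at
    least `threshold` deauth frames inside any `window`-second span.
    Lines are expected in timestamp order."""
    recent = defaultdict(deque)  # station -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a deauth record, or malformed
        ts, sta = float(m["ts"]), m["sta"].lower()
        q = recent[sta]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[sta] = max(peaks.get(sta, 0), len(q))
    return peaks

# Constructed sample data: MAC addresses and timings are made up.
AP, DOORBELL, LAPTOP = "aa:bb:cc:00:00:ff", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"

def sample_log():
    # 40 deauth frames aimed at the doorbell, one every 0.2 s ...
    lines = [f"{1000 + i * 0.2:.1f} DEAUTH bssid={AP} sta={DOORBELL} reason=7"
             for i in range(40)]
    # ... one isolated deauth for a laptop, and an unrelated record.
    lines.append(f"1003.0 DEAUTH bssid={AP} sta={LAPTOP} reason=3")
    lines.append(f"1004.0 ASSOC bssid={AP} sta={LAPTOP}")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for sta, count in find_deauth_floods(sample_log()).items():
        print(f"possible deauth flood against {sta}: {count} frames within 10 s")
```

An alert like this, followed shortly by the app asking to set the doorbell up again, is a signal to hold off on reconfiguring until the device has the security update.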

Evan Greer, deputy director of privacy-focused Fight for the Future, is both unimpressed and unsurprised:

This is a classic example of how more surveillance does not mean more safety. Amazon has consistently shown reckless disregard for privacy and civil liberties, but this is terrifying on a whole other level. Putting insecure cameras and listening devices around your home puts your family in danger. Congress should immediately investigate the threat posed by Amazon’s rapidly spreading, for-profit surveillance dragnet.

The good news is that a security update has already been pushed out to the affected devices, but it is not known how many users may have fallen victim to this form of attack.




