A security flaw in Amazon’s £200 Ring Pro doorbell could allow hackers to control smart devices within a home, security researchers have warned.
The bug allowed attackers to access a home’s Wi-Fi network, potentially infiltrating smart home devices as well as private photos or videos on the network.
Ring doorbells are connected over a smartphone app and to the home’s Wi-Fi, allowing users to see who is at the door and answer it remotely. They also act as security cameras, telling users if someone has come doorknocking.
Researchers at cyber security firm Bitdefender found attackers could access a home’s Wi-Fi network as password details of the home’s local network were sent from the Ring mobile phone app without encryption, meaning hackers could intercept them. Ring said it had issued an update to fix the problem.
When users set up their Ring doorbell, a signal is sent from the Ring app to the digital doorbell to connect it to the home’s Wi-Fi, including the local network password.
However, this password was sent unencrypted in a readable form. An attacker in range of the user’s home could hijack the message and use the password to access the home’s Wi-Fi network.
The vulnerability was only present during the set up stage of the ring doorbell, meaning there was only a small window of opportunity.