Researchers find security flaws in ‘Amazon’s Ring Video Doorbell Pro’ IoT device
Bitdefender researchers have discovered an issue in ‘Amazon’s Ring Video Doorbell Pro’ IoT device that allows an attacker to intercept the owner’s Wi-Fi network credentials.
During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This then allows the hacker to sniff the packets and find out the sensitive data it needs to connect to the user’s WiFi.
Once in possession of a user’s WiFi password, an attacker has full access to the network. And it’s no secret that an internal network can be very lax. In fact, many devices such as Smart TVs allow interaction without any authentication whatsoever – even if a device was under attack, there is no trace left and users will have no idea they were even a victim.
- Interact with all devices within the household network
- Intercept network traffic and run ‘man-in-the-middle’ attacks
- Access local storage (NAS drives, for example) and subsequently access private photos, videos and other types of information
- Exploiting vulnerabilities and gaining access to other devices connected to the local network, that may lead to reading emails and private conversations
- Get access to security cameras to steal video recordings
The Ring Doorbell Pro cameras now receive automatic security updates, the latest update resolves the security vulnerabilities.
https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/HDnE0j3Pauw/researchers-find-security-flaws-in.html
