Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found. Researchers discovered the problem in Amazon’s Ring Video Doorbell Pro IoT device, a smart doorbell that combines security cameras with motion-detection to help protect people’s homes against intrusion. If exploited, the problem, outlined in a whitepaper published online, would allow an attacker physically near the device to intercept Wi-Fi network credentials, according to Bitdefender that discovered the flaw.The security firm informed Amazon Ring of the flaw in June. After several months of back-and-forth communication, Amazon issued a patch for the device earlier this week. The key issue with Ring exists in how users first configure the device, which requires the device’s smartphone app to use a wireless connection to send the wireless network credentials to the smart doorbell, researchers said. “This takes place in an unsecure manner, through an unprotected access point,” researchers wrote. “When entering configuration mode, the device creates an access point without a password (the SSID contains the last three bytes from the MAC address).” Since this data exchange is performed through plain HTTP, anyone eavesdropping on the network can access the credentials, researchers said. While your neighbor using your Wi-Fi may not seem…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-11-08 07:11:002019-11-08 07:11:00Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org