image
Amazon has patched a vulnerability in its Ring smart doorbell device that could allow attackers to access the owner’s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network, researchers have found. Researchers discovered the problem in Amazon’s Ring Video Doorbell Pro IoT device, a smart doorbell that combines security cameras with motion-detection to help protect people’s homes against intrusion. If exploited, the problem, outlined in a whitepaper published online, would allow an attacker physically near the device to intercept Wi-Fi network credentials, according to Bitdefender that discovered the flaw.The security firm informed Amazon Ring of the flaw in June. After several months of back-and-forth communication, Amazon issued a patch for the device earlier this week. The key issue with Ring exists in how users first configure the device, which requires the device’s smartphone app to use a wireless connection to send the wireless network credentials to the smart doorbell, researchers said. “This takes place in an unsecure manner, through an unprotected access point,” researchers wrote. “When entering configuration mode, the device creates an access point without a password (the SSID contains the last three bytes from the MAC address).” Since this data exchange is performed through plain HTTP, anyone eavesdropping on the network can access the credentials, researchers said. While your neighbor using your Wi-Fi may not seem…

Source