Through this vulnerability and by gaining access to a network, attackers can compromise other devices, among other potential consequences. The homeowner could try to reconnect it to the network using the app, but this will ultimately fail and force them to reconfigure. This process would take some time, but eventually the app would show that the device was offline. The researchers pointed out that a way to do this would be to continuously send deauthentication messages so that the device would be dropped from the wireless network. The attackers would then make the user believe that the doorbell is malfunctioning to trick the homeowner into reconfiguring the device, at which point they can intercept the sent credentials. It does so by creating an access point that is not password-protected and sending the needed network credentials in HTTP, which is a protocol more likely to be exposed to potential attackers compared to the more secure HTTPS protocol.Ī scenario using this vulnerability could start with attackers identifying a home that uses this particular device. They saw that the smartphone app sends the wireless network’s credentials to the device during the initial configuration process. The discovery was made by researchers from Bitdefender, who found a security flaw in the way the device connects to the local network upon first configuration. However, attackers that exploit the device’s flaw to gain Wi-Fi credentials can open the home to other forms of compromise. Ring Video Doorbell Pro is a home security device that gives homeowners the ability to screen visitors and monitor their home remotely. Amazon has already fixed this issue back in September but the vulnerability was only disclosed recently.
0 Comments
Leave a Reply. |