Ding-Dong — Your Easily Hacked 'Smart' Doorbell Just Gave Up Your WiFi Credentials

from the not-so-smart-devices dept

Have we mentioned lately that when it comes to the so-called “internet of things,” security is an afterthought? Whether it’s your automobile, your refrigerator or your tea kettle, so-called “smart” internet of things devices are consistently and alarmingly showing that they’re anything but. If these devices aren’t busy giving intruders access to your networks and passwords, they’re often making life more difficult than so-called dumb devices. Last week, for example, the popular Nest smart thermostat simply stopped working after a software update, resulting in thousands of customers being unable to heat their homes.

Now yet another security problem has been revealed in the Ring smart video doorbell, which lets you see who’s at your front door via a smartphone app. According to a blog post by Pen Test Partners, all an intruder needs to do is to remove two screws, press a big orange reset button, and they’re able to access the configuration URL for the entire system, which can be chained with other devices including door locks and home security cameras:

“If the URL /gainspan/system/config/network is requested from the web server running on the Gainspan unit, the wireless configuration is returned including the configured SSID and PSK in cleartext.

The doorbell is only secured to its back plate by two standard screws. This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL.

As it is just a simple URL this can be performed quite easily from a mobile device such as a phone and could be performed without any visible form of tampering to the unit.”

In short, your smart doorbell could potentially make you immeasurably less secure, without any visible signs of tampering to the outside unit. This is, the researchers have warned in a previous post, similar to a vulnerability common in a popular smart bathroom scale, which can be easily tricked into sharing a user’s WPA-PSK. Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it’s one more example of “smart” technology being a great advertisement for more traditional, dumb devices.

And despite notable experience with security issues, broadband ISPs that have been eager to jump into the smart home arena aren’t having much more luck. A flaw was recently exposed in Comcast’s Xfinity home security and automation service, allowing a hacker to trick the system into reporting an “all clear” state by jamming the 2.4 GHz radio used by the service. The security service would then report that everything was fine for up to three hours, and once communication was re-established with the service base station, the system never informed the user there was a problem. So smart!
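
The failure described above is a fail-open on loss of radio contact. As an added sketch (not Comcast's code and not part of the original article), here is supervision logic that treats sensor silence as a fault and records the outage when contact returns; the class names, the 120-second timeout and the timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

SUPERVISION_TIMEOUT = 120  # assumed: seconds of silence before a sensor counts as lost

@dataclass
class Sensor:
    last_seen: float
    is_open: bool = False
    lost_since: Optional[float] = None

@dataclass
class Panel:
    sensors: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def heartbeat(self, name, now, is_open=False):
        s = self.sensors.setdefault(name, Sensor(now))
        if s.lost_since is not None:
            # Contact is back: report the gap instead of silently resuming.
            self.alerts.append(f"{name}: contact restored after {int(now - s.lost_since)}s")
            s.lost_since = None
        s.last_seen, s.is_open = now, is_open

    def status(self, now):
        """ALARM, TROUBLE or ALL_CLEAR; a silent sensor is never ALL_CLEAR."""
        state = "ALL_CLEAR"
        for name, s in self.sensors.items():
            if now - s.last_seen > SUPERVISION_TIMEOUT:
                if s.lost_since is None:  # first time we notice the silence
                    s.lost_since = s.last_seen
                    self.alerts.append(f"{name}: no contact since t={int(s.last_seen)}")
                if state == "ALL_CLEAR":
                    state = "TROUBLE"
            elif s.is_open:
                state = "ALARM"
        return state

def demo():
    """Constructed timeline: heartbeats stop at t=60 and resume three hours later."""
    p = Panel()
    p.heartbeat("front_door", 0)
    p.heartbeat("front_door", 60)
    states = [p.status(100), p.status(600), p.status(7200)]
    p.heartbeat("front_door", 10860)
    states.append(p.status(10860))
    return states, p.alerts

if __name__ == "__main__":
    print(demo())
```
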

And at the end of the day, if you’re interested in a smarter, more secure home, you may want to consider a dog.


Comments on “Ding-Dong — Your Easily Hacked 'Smart' Doorbell Just Gave Up Your WiFi Credentials”

49 Comments
Anonymous Coward says:

Design flaw

Notwithstanding the software/firmware issue: any security hardware worth its name will have its reset button/protocol on the inside of the premises being protected.

Look at any doorknob/deadbolt lockset and you’ll see they’re dismountable on the inside only.

This doorbell/camera should have two parts: the main unit on the outside and the controller on the inside. Single units on the outside are just asking for trouble.

Anonymous Coward says:

“This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL.”

Since the Ring is a motion sensing camera you will also have a video of someone unscrewing your doorbell from the wall :) and since it can be configured to alert you when the camera is “on” you could even start talking to the person tampering with your doorbell. Something like “I would work a little quicker if I were you, the police are on the way” should be enough to do the trick 😉

techno says:

Bad lock no signal

So physical locks are easily bypassed with bump keys. Padlocks are easy to crack. Smart locks are bypassed with software….I think we may just suck at locks people.

You know who didn’t suck at locks? No..really I can’t think of anyone. Locks are hard. Heck the Chinese Emperor of the terra cotta army had to bury himself under a darned hill with traps and that still won’t work.

Anonymous Coward says:

Re: Bad lock no signal

Actually, good locks that are hard (not impossible) to pick are quite common and relatively well known (http://www.blackhat.com/presentations/bh-europe-08/Deviant_Ollam/Whitepaper/bh-eu-08-deviant_ollam-WP.pdf).

Problem is, if your front door lock is hard to pick, and you get locked out of home… how do you get back in? If a locksmith can’t pick the lock for you, then it’s time to drill the lock out and replace it. Of course, if you want to protect against other parties drilling the lock out just as easily, then you are victim to the same difficulties if you ever need to break in.

Physical locks don’t have to be easy to pick. But most people want them that way, at least in their homes.

streetlight (profile) says:

The Internet of things including thermostats

Didn’t I read somewhere that Google’s connected thermostat update drained the battery and prevented access? The result was that there was the possibility of a cold house and maybe frozen water pipes. Bad for folks who went to a warm place to get away from those Northern Minnesota temperatures and couldn’t use their cell phones to warm up their houses.

JBDragon (profile) says:

From what I just heard, this security issue was already FIXED!!! All RING Doorbells would automatically download and install this update as they all check for updates once a day.

Here is where it was originally Reported.

https://www.pentestpartners.com/blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/

Way down on the bottom of the page it says FIXED!!! This topic is now fear mongering or an issue that’s already been taken care of. Anyone with a RING Doorbell is already cured!!!

Anonymous Coward says:

Re: Re:

The issue of this particular vulnerability has been taken care of. I think the point’s more that this sort of vulnerability shows up at all: you note all the security screw-ups across the board of smart-things and see if their frequency increases or decreases. It’s nice to know if these fuck-ups are outliers or are part of an industry-wide, systemic carelessness.

That One Guy (profile) says:

Re: Re:

Meanwhile, towards the bottom of this article…

Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it’s one more example of “smart” technology being a great advertisement for more traditional, dumb devices.

That it was a problem that was quickly fixed wasn’t the point of the article, the point was showing yet another example of how ‘smart’ devices can be really stupid and open up security vulnerabilities and/or cause other problems.

JustMe (profile) says:

Re: JBDragon

There is a difference between ‘a fix was issued’ and ‘a fix was applied by every home owner’ pal, not to mention the gap between ‘a fix was issued’ and ‘a fix works properly, isn’t buggy, doesn’t break some other core security component, and there aren’t any other massive security flaws in this no-privacy-by-design product.’

So no, not fear mongering, but instead educational content warning people of the actual/real/physical dangers these devices pose for the people that are on the inside of a house that is ‘protected’ by this device.

Anonymous Coward says:

If you’re going to call out the particular vendor, in this case Ring, then you should also be balanced and say that they have ALREADY PATCHED the issue, before it was disclosed to the public. They have already pushed out an automatic update to all existing customers to patch the issue.

This episode should be a warning to all IOT companies and potential customers, but also an example of an IOT company handling a discovered problem as well as possible.

myopia (profile) says:

Re: Re:

I think you (totally) miss the point here…

No amount of ‘firmware upgrade’ is going to change the fact that 2 screws and a big red^H^H^H orange button are all that keep the bad guys from connecting to the device’s management interface.

What IDIOT thought it was a good idea to put the private access zone on the insecure side of the device? (probably the same one who doesn’t know how to use a drill to bore a hole through the door!)

There’s an old adage… “never trust a programmer with a screwdriver.”

ltlw0lf (profile) says:

Re: Re:

Dogs have been the best security system since the dawn of man, and they’re in no danger of becoming obsolete.

Unfortunately, dogs have a fatal design flaw in that they are alive and like to eat. A zombie dog would be a safer bet, since they wouldn’t be interested in the steak laced with strychnine. An added benefit is their love of human brains.

In all seriousness though, dogs are far more expensive than a cheap doorbell, which is why they tend to not have as much of an acceptance rate, plus attackers can easily trap the dog in a closet with a steak and go about their nefarious activities.

TerryC says:

Re: Re: Dogs

There used to be a show called “It Takes a Thief” (not the one with Robert Wagner.) In it an ex-thief and security guy would break into people’s homes (with their permission) to check their security setup. Many of these people had dogs. Typically the ex-thief stole the dog. No strychnine necessary. Feed the dog and they would follow him home.
Dogs are good to warn you of an intruder. They might even scare off a non-violent intruder. In a home invasion, or if you are not there, what you’re most likely to end up with is a dead dog.

snowchaser (profile) says:

My thoughts as a Ring Owner

I have a Ring doorbell. If somebody tried to remove it I would get a notification and the video of the person doing it would be uploaded to the cloud. Also, they are not standard screws on the doorbell. They are a proprietary security hex. While it would not stop someone determined to take the doorbell, because the mounting bracket is plastic and could be ripped off the wall, it would also slow them down.

So if somebody got my WiFi credentials by this method I would change the password. While it is unfortunate that they did not properly secure the device in the first place, in this case the company did the right thing and immediately acknowledged and corrected the issue. Which I suspect not all internet of things manufacturers will do.

Richard Stallman (user link) says:

Biggest Intruder

Don’t forget that the party best placed to intrude in your digital devices is the manufacturer. That is, if the software is proprietary rather than free/libre. A proprietary program is completely under the control of its developer. Famous developers such as Microsoft, Apple, Amazon and Google make malware a standard practice (see http://gnu.org/proprietary/ for examples and references). The rest very likely do the same — but who knows?

Let’s demand free/libre software in “smart” devices, as in computers.
See http://gnu.org/philosophy/free-software-even-more-important.html.

Joey5Picks says:

So it's fixed?

“Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem”

So everything leading up to this sentence is moot? There was a problem, they fixed it, right?

And besides, the motion-sensing doorbell would notify you when someone was trying to remove it, so you’d be tipped off.
