Ding-Dong -- Your Easily Hacked 'Smart' Doorbell Just Gave Up Your WiFi Credentials

from the not-so-smart-devices dept

Have we mentioned lately that when it comes to the so-called "internet of things," security is an afterthought? Whether it's your automobile, your refrigerator or your tea kettle, so-called "smart" internet of things devices are consistently and alarmingly showing that they're anything but. If these devices aren't busy giving intruders access to your networks and passwords, they're often making life more difficult than so-called dumb devices. Last week, for example, the popular Nest smart thermostat simply stopped working after a software update, resulting in thousands of customers being unable to heat their homes.

Now yet another security problem has been revealed in The Ring smart video doorbell, which lets you see who's at your front door via a smartphone app. According to a blog post by Pen Test partners, all an intruder needs to do is to remove two screws, press a big orange reset button, and they're able to access the configuration URL for the entire system, which can be chained with other devices including door locks and home security cameras:
"If the URL /gainspan/system/config/network is requested from the web server running on the Gainspan unit, the wireless configuration is returned including the configured SSID and PSK in cleartext. The doorbell is only secured to its back plate by two standard screws. This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL. As it is just a simple URL this can be performed quite easily from a mobile device such as a phone and could be performed without any visible form of tampering to the unit."
In short, your smart doorbell could potentially make you immeasurably less secure, without any visible signs of tampering to the outside unit. This is, the researchers have warned in a previous post, similar to a vulnerability common in a popular smart bathroom scale, which can be easily tricked into sharing a user's WPA-PSK. Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it's one more example of "smart" technology being a great advertisement for more traditional, dumb devices.

And despite notable experience with security issues, broadband ISPs that have been eager to jump into the smart home arena aren't having much more luck. A flaw was recently exposed in Comcast's Xfinity home security and automation service, allowing a hacker to trick the system into reporting an "all clear" state by jamming the 2.4 GHz radio used by the service. The security service would then report that everything was fine for up to three hours, and once communication was re-established with the service base station, the system never informed the user there was a problem. So smart!

And the end of the day, if you're interested in a smarter, more secure home, you may want to consider a dog.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Chris ODonnell (profile), 21 Jan 2016 @ 11:51am

    I have two dogs, and zero "connected appliances." That makes my house a smart house, right?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 12:43pm

      Re:

      I have two dogs, and zero "connected appliances." That makes my house a smart house, right?
      You're smart. The dogs are smart. The house is under investigation because the government (and their freelance counterparts) can't just walk in in any time they want to without you noticing.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 11:52am

    Design flaw

    Notwithstanding the software/firmware issue: any security hardware worth it's name will have it's reset button/protocol on the inside of the premise being protected.

    Look at any doorknob/deadbolt lockset and you'll see they're dismountable on the inside only.

    This doorbell/camera should have two parts: the main unit on the outside and the controller on the inside. Single units on the outside is just asking for trouble.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 12:02pm

    Odds are Google (via Android) and your ISP (via their router) already have your WiFi credentials. At least this threat model consists of someone physically breaking into your stuff. If you're really concerned about the IoT put it on a separate guest network.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Anonymous Coward, 21 Jan 2016 @ 12:02pm

    Ding Dong

    That is either an inappropriate nickname for those that succumb to the 'smart house' marketing or a renaming of the song from The Wizard of Oz proclaiming a dead witch, which might just be metaphorical for household security.

    Oh yeah, it is also a trade marked snack cake item. Tasty!

    reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 21 Jan 2016 @ 12:03pm

    Multiple Router SSIDs

    Obviously, real security requires MULTIPLE PSKs, one for each insecure security device! Security devices should treat PSKs the same way passwords are treated: You can input them, but not get them back out!

    Or, at a minimum, a remote sensor and an inside transmit unit!

    reply to this | link to this | view in chronology ]

  • icon
    TechDescartes (profile), 21 Jan 2016 @ 12:18pm

    And They Said It Was Impossible

    See? It only took a short time for Silicon Valley to solve the encryption wars: instead of a backdoor key, a back doorbell.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 12:23pm

    "This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL."

    Since the Ring is a motion sensing camera you will also have a video of someone unscrewing your doorbell from the wall:) and since it can be configured to alert you when the camera is "on" you could even start talking to the person tampering with your door bell. something like " I would work a little quicker if I were you the Police are on the way" should be enough to do the trick ;)

    reply to this | link to this | view in chronology ]

  • identicon
    techno, 21 Jan 2016 @ 12:27pm

    Bad lock no signal

    So physical locks are easily bypassed with bump keys. Padlocks are easy to crack. Smart locks are bypassed with software....I think we may just suck at locks people.

    You know who didn't suck at locks? No..really I can't think of anyone. Locks are hard. Heck the Chinese Emperor of the terra cotta army had to bury himself under a darned hill with traps and that still won't work.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 1:08pm

      Re: Bad lock no signal

      The engineers who designed the Panama Canal locks did a pretty good job back in the day. And Lascco makes wonderful lox. Although, other than (maybe) Slartibartfast, I can't think of anyone who made lochs or loughs.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 9:31pm

      Re: Bad lock no signal

      Actually, good locks that are hard (not impossible) to pick are quite common and relatively well known (http://www.blackhat.com/presentations/bh-europe-08/Deviant_Ollam/Whitepaper/bh-eu-08-deviant_ollam- WP.pdf).

      Problem is, if your front door lock is hard to pick, and you get locked out of home... how do you get back in? In a locksmith can't pick the lock for you, then it's time to drill the lock out and replace it. Of course, if you want to protect against other parties drilling the lock out just as easily, then you are victim to the same difficulties if you ever need to break in.

      Physical locks don't *have* to be easy to pick. But most people want them that way, at least in their homes.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 12:29pm

    Perhaps you are missing the point here?
    These devices are non-secure by design. They have been intentionally make to be hacked and you are supposed to run out and get you some of that.

    reply to this | link to this | view in chronology ]

  • icon
    streetlight (profile), 21 Jan 2016 @ 12:49pm

    The Internet of things including thermostats

    Didn't I read somewhere that Google's connected thermostat update drained the battery and prevented access. The result was that there was the possibility of a cold house and maybe frozen water pipes. Bad for folks who went to a warm place to get away from those Northern Minnesota temperatures and couldn't use their cell phones to warm up their houses.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 12:57pm

    I'm too dumb to properly configure smart appliances, so I use old-fashioned dumb appliances. Which means I'm safe and smart... I think the IOT is actually starting to give us idiots an advantage. Bow before us, brain-head thinky people!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 1:17pm

    > Bow before us, brain-head thinky people!

    Of the few people I know who have been fooled into putting even just a "smart" thermostat in their homes, not one is what I would consider "smart".

    reply to this | link to this | view in chronology ]

  • icon
    JBDragon (profile), 21 Jan 2016 @ 2:38pm

    From what I just heard, this security issue was already FIXED!!! All RING Doorbells would automatically download and install this update as they all check for updates once a day.

    Here is where it was originally Reported.

    https://www.pentestpartners.com/blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/

    Way down on the bottom of the page is says FIXED!!! This topic is now fear mongering or a issue that's already been taken care of. Anyone with a RING Doorbell is already cured!!!

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 3:05pm

      Re:

      The issue of this particular vulnerability has been taken care of. I think the point's more that this sort of vulnerability shows up at all: you note all the security screw-ups across the board of smart-things and see if their frequency increases or decreases. It's nice to know if these fuck-ups are outliers or are part of an industry-wide, systemic carelessness.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Jan 2016 @ 5:54pm

        Re: Re:

        Where is your willing suspension of disbelief?
        You are supposed to not think about what could possibly go wrong and simply buy their crapware and submit to their spying. What the hell is wrong with you?

        reply to this | link to this | view in chronology ]

    • identicon
      Tekmaniac, 21 Jan 2016 @ 4:38pm

      Re:

      Yes this was already fixed. In fact this company did it almost on the same day that it was reported. Which was last Friday. So you guys are a little behind here.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 5:57pm

      Re:

      "Doorbells would automatically download and install this update as they all check for updates once a day."

      This is a doorbell, ffs.
      Who the hell needs a doorbell anyway, make 'em knock on the door. Hey, is there an internet connected door knocker?

      reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 21 Jan 2016 @ 9:59pm

      Re:

      Meanwhile, towards the bottom of this article...

      Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it's one more example of "smart" technology being a great advertisement for more traditional, dumb devices.

      That it was a problem that was quickly fixed wasn't the point of the article, the point was showing yet another example of how 'smart' devices can be really stupid and open up security vulnerabilities and/or cause other problems.

      reply to this | link to this | view in chronology ]

      • icon
        Ninja (profile), 22 Jan 2016 @ 3:28am

        Re: Re:

        And honestly, what would prevent a really focused attacker from faking a wireless connection and forcing a fake firmware update? I don't know how to fix this vulnerability because wires can be hacked as well but at least you can secure the wires behind a physical barrier.

        reply to this | link to this | view in chronology ]

    • icon
      JustMe (profile), 22 Jan 2016 @ 5:09am

      Re: JBDragon

      There is a difference between 'a fix was issued' and 'a fix was applied by every home owner' pal, not to mention the gap between 'a fix was issued' and 'a fix works properly, isn't buggy, doesn't break some other core security component, and there aren't any other massive security flaws in this no-privacy-by-design product.'

      So no, not fear mongering, but instead educational content warning people of the actual/real/physical dangers these devices pose for the people that are on the inside of a house that is 'protected' by this device.

      reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 21 Jan 2016 @ 2:58pm

    HELP!

    I completely removed my front door in the name of convenience, but now thieves can just walk into my home. Does anyone know of a way I can secure my front doorway?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 3:40pm

    If you're going to call out the particular vendor, in this case Ring, then you should also be balanced and say that they have ALREADY PATCHED the issue, before it was disclosed to the public. They have already pushed out an automatic update to all existing customers to patch the issue.

    This episode should be a warning to all IOT companies and potential customers, but also an example of an IOT company handling a discovered problem as well as possible.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 6:01pm

      Re:

      Yes, however - the issue is somewhat larger than one specific instance, it points toward a more pervasive lackadaisical attitude toward ones customers. This give a shit attitude can be seen across all industry, but let's just let them slide - not.

      reply to this | link to this | view in chronology ]

    • icon
      myopia (profile), 30 Jan 2016 @ 11:48am

      Re:

      I think you (totally) miss the point here...

      No amount of 'firmware upgrade' is going to change the fact that 2 screws and a big red^H^H^H orange button are all that keep the bad guys from connecting to the device's management interface.

      What IDIOT thought it was a good idea to put the private access zone on the insecure side of the device? (probably the same one who doesn't know how to use a drill to bore a hole through the door!)


      There's an old adage... "never trust a programmer with a screwdriver."

      reply to this | link to this | view in chronology ]

  • identicon
    Steve Moore, 21 Jan 2016 @ 3:44pm

    The problem here is

    This product boasts amongst other things a very poor design with fundamental flaws. As a software engineer in the I am horrified. This product was clearly built down to a price rather than up to a standard.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jan 2016 @ 7:49pm

      Re: The problem here is

      You could say the same about most Wi-fi routers, smartphones, or pretty much any commodity electronic device.

      reply to this | link to this | view in chronology ]

  • icon
    Ryunosuke (profile), 21 Jan 2016 @ 4:02pm

    So how's those back doors (or in this case front doors) working out?

    reply to this | link to this | view in chronology ]

  • icon
    z! (profile), 21 Jan 2016 @ 4:25pm

    Y'know, I already have a device that lets me see who's at the door. It's called a "window", and in over 50 years it hasn't needed batteries or an upgrade.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Jan 2016 @ 7:25pm

    pounding square pegs in a circle

    Wtf are doorbells using wifi to begin with? That sounds just as sensible as using wifi in a car key's alarm dongle. Wouldn't a better alternative be to use an RF module?

    reply to this | link to this | view in chronology ]

  • identicon
    Mark Wing, 21 Jan 2016 @ 8:34pm

    Dogs have been the best security system since the dawn of man, and they're in no danger of becoming obsolete.

    Also, in Russia, doorbell rings you.

    reply to this | link to this | view in chronology ]

    • icon
      ltlw0lf (profile), 22 Jan 2016 @ 8:25am

      Re:

      Dogs have been the best security system since the dawn of man, and they're in no danger of becoming obsolete.

      Unfortunately, dogs have a fatal design flaw in that they are alive and like to eat. A zombie dog would be a safer bet, since they wouldn't be interested in the steak laced with strychnine. An added benefit is their love of human brains.

      In all seriousness though, dogs are far more expensive than a cheap doorbell, which is why they tend to not have as much of an acceptance rate, plus attackers can easily trap the dog in a closet with a steak and go about their nefarious activities.

      reply to this | link to this | view in chronology ]

      • identicon
        TerryC, 1 Apr 2016 @ 9:21am

        Re: Dogs

        There use to be a show called "IT takes a Thief" (not the one with Robert Wagner.) In it an ex-thief and security guy would break into people's home (with their permission) to check their security setup. Many of these people had dogs. Typically the ex-thief stole the dog. No strychnine necessary. Feed the dog and they would follow him home.
        Dogs are good to warn you of an intruder. They might even scare off a non-violent intruder. In a home invasion, or if you are not there what you're most likely to end up with is a dead dog.

        reply to this | link to this | view in chronology ]

  • icon
    snowchaser (profile), 21 Jan 2016 @ 9:16pm

    My thoughts as a Ring Owner

    I have a Ring doorbell. If somebody tried to remove it I would get a notification and the video of the person doing it would be uploaded to the cloud. Also, they are not standard screws on the door bell. They are a proprietary security hex. While it would not stop someone determined to take the doorbell because the mounting bracket is plastic and could be ripped of the wall it would also slow them down.

    So if somebody got my WiFi credentials by this method I would change the password. While it is unfortunate that they did not properly secure the device in the first place in the case the company did the right thing and immediately acknowledged and correct the issue. Which I suspect not all internet of things manufactures will do.

    reply to this | link to this | view in chronology ]

  • identicon
    Richard Stallman, 24 Jan 2016 @ 2:59am

    Biggest Intruder

    Don't forget that the party best placed to intrude in your digital devices is the manufacturer. That is, if the software is proprietary rather than free/libre. A proprietary program is completely under the control of its developer. Famous developers such as Microsoft, Apple, Amazon and Google make malware a standard practice (see http://gnu.org/proprietary/ for examples and references). The rest very likely do the same -- but who knows?

    Let's demand free/libre software in "smart" devices, as in computers.
    See http://gnu.org/philosophy/free-software-even-more-important.html.

    reply to this | link to this | view in chronology ]

  • identicon
    Alisha kristy, 21 Jul 2016 @ 4:30am

    Yes, I also like this Ding-Dong smart doorbell because of some new device. Its included some great features that make our life is so easy. It’s always saved our home. It’s not added LED flashing light. Otherwise, it will a great home doorbell.

    reply to this | link to this | view in chronology ]

  • identicon
    Doorbell Hub, 18 May 2017 @ 10:36pm

    Amazing Info

    You got into my nerves. I am just now more aware and will let my users know about this concern

    reply to this | link to this | view in chronology ]

  • identicon
    Skybell Vs Ring, 31 May 2017 @ 4:37am

    Skybell Vs Ring

    Beautiful Insights. Would definitely love to give a pingback to this article.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.