Another day, another great big security flaw
The Ring Video Doorbell had a security flaw that could enable an attacker to show a fake video stream to the user, a security firm has shown. The flaw has now been fixed, but users running older firmware could still be at risk.
Researchers at BullGuard demonstrated at MWC 2019 how attackers with access to the home’s wireless network could view the video doorbell’s feed, and even inject their own fake footage. That, theoretically, could be used to trick users into opening their front door, physically or via a connected smart lock.
And Ring has responded: “Customer trust is important to us and we take the security of our devices seriously. The issue in the Ring app was previously fixed and we always encourage customers to update their apps and phone operating systems to the latest versions,” a spokesperson said.
Ring was snapped up by Amazon last year, but this isn’t the first security problem to hit the company. It was claimed that in 2016 Ring employees could access recorded footage stored on Amazon’s servers – something the company refutes:
“Ring does not provide and never has provided employees with access to livestreams of Ring devices. As mentioned in our statement, Ring employees only have access to recordings that are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes,” it continued.
Security concerns continue to dog the smart home industry, and serve as a constant reminder about the personal access users give to tech giants. Google is also getting heat over the microphone placed inside the Nest Guard product, which the company neglected to mention in its marketing materials.
As with many smart home security flaws, the realities of the hack being exploited are small. An attacker gaining access to your home Wi-Fi, in order to set up an advanced hack on your Ring doorbell to (possibly) trick you into opening the door, would be a serious next-level play. But these constant – seemingly lackadaisical – security vulnerabilities do nothing to inspire the confidence of users that are putting the microphones and cameras of tech giants into their homes.