Popular Video Doorbells Can Be Easily Hijacked, Researchers Find (techcrunch.com) 36
Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. From a report: On Thursday, the non-profit Consumer Reports published research that detailed four security and privacy flaws in cameras made by EKEN, a company based in Shenzhen, China, which makes cameras branded as EKEN, but also, apparently, Tuck and other brands. These relatively cheap doorbell cameras were available on online marketplaces like Walmart and Temu, which removed them from sale after Consumer Reports reached out to the companies to flag the problems. These doorbell cameras are, however, still available elsewhere.
According to Consumer Reports, the most impactful issue is that if someone is in close proximity to a EKEN doorbell camera, they can take "full control" of it by simply downloading its official app -- called Aiwit -- and putting the camera in pairing mode by simply holding down the doorbell's button for eight seconds. Aiwit's app has more than a million downloads on Google Play, suggesting it is widely used. At that point, the malicious user can create their own account on the app, scan the QR code generated by the app by putting it in front of the doorbell's camera.
According to Consumer Reports, the most impactful issue is that if someone is in close proximity to a EKEN doorbell camera, they can take "full control" of it by simply downloading its official app -- called Aiwit -- and putting the camera in pairing mode by simply holding down the doorbell's button for eight seconds. Aiwit's app has more than a million downloads on Google Play, suggesting it is widely used. At that point, the malicious user can create their own account on the app, scan the QR code generated by the app by putting it in front of the doorbell's camera.
Bast the suers! (Score:2)
I can't wait for such a company to get its ass sued to Hell and back to send a message to the industry.
Re: Bast the suers! (Score:5, Informative)
They're in china so good luck with that. They'll just exit the market and come back another day with a new brand name.
Re: in china so good luck [sueing] (Score:2)
Then mail them 10,000 Winnie the Pooh stuffed animals. And Tank Man action figures.
Re: (Score:2)
I can't wait for such a company to get its ass sued to Hell and back to send a message to the industry.
In your dreams maybe, let's face it, if cars companies can get away with selling cars that can be easily "hijacked" and taken away, imagine the time before they get on the doorbell case!
Re: (Score:2)
These are no-name companies that are rebranding no-name electronics. When Amazon shuts down one of their stores, they simply register a new one. It's wack-a-mole and it continues.
Re: (Score:2)
They don't have to register on Amazon in the first place. A ton of online Sellers these days are just dropshippers Listing identical products with whatever description they think appeals to potential customers.
They shut down one seller, then 5 more will spring up selling the exact same product with a slightly different description
Piss-poor design (Score:2)
That's like designing a lock with re-keying available on the exterior / insecure side.
Luckily it's only a camera, and it only faces outward, but it is still inexcusable. If this 'hack' can get you access to the owner's WiFi code, beyond inexcusable.
Re: (Score:2)
Re: (Score:2)
That's like designing a lock with re-keying available on the exterior / insecure side.
Every re-keyable lock I've ever used has re-keying on the outside. The critical step is to require the key to already be in the lock and turned before pushing that button does anything. In much the same way, this wouldn't be a problem if it required you to authenticate after Bluetooth pairing before being able to change anything.
Re: (Score:2)
Every re-keyable lock I've ever used has re-keying on the outside
True!
I think the real difference here is the Lock on your door is a security device designed to resist attack to a certain degree,
and a Doorbell camera is not a security device - it is Just there for convenience and perhaps some extra monitoring purposes, but it's not designed to resist attacks. It would be a good idea to have actual security cameras (mounted up high), to monitor for security purposes as well, not just see who's at the d
Re: (Score:2)
Ok, just damn you and your accurate reality-based facts, sir/madam. Damn you straight to hell.
FFS, I have a re-keyable lock about 3 feet from me right now, that I recently re-keyed. I should know better.
Check the videos ... (Score:2)
... for people who are
putting the camera in pairing mode by simply holding down the doorbell's button for eight seconds and scanning the QR code generated by the app by putting it in front of the doorbell's camera.
Re: (Score:2)
Ya know, if someone wanted to be a bastard, they'd have a dummy doorbell camera so when someone tried this the QR code would wipe their phone, or something similarly malicious.
Re: (Score:2)
The QR code is made by the Phone App and scanned by the doorbell, so I don't think there's any way to wipe the phone through that process.
Of course you could try making a Doorbell that has a LCD display of its own and Displays a code the user is asked to scan.
Re: (Score:3)
https://www.youtube.com/watch?... [youtube.com]
Cheesus Rice People! (Score:3)
It's one thing to purchase products made in China for other companies (looking at you Apple), but you are just asking for it if you purchase Chinese products made in China for the Chinese market. Chinese manufacturers don't give a shit about security because it's not in their interest to do so. I'm sure the CCP either rewards or mandates Chinese companies to keep this piss poor level of security. STOP BUYING CHINESE SHIT that has ANYTHING to do with security. It's the same thing as asking a thief to guard the valuables in your home.
Re: (Score:2)
Yes, that is what I meant to convey. Thank you for clarifying that.
Re: (Score:2)
I got stuck with a cheap 4-cam monitor system once. I installed it and it worked adequately, but when I got to the point of setting it up to be able to monitor it remotely, there was a set of instructions that looked like a typical config for a router, with just an IP address for the target server. I looked it up...and of course it was in China. I decided that I didn't need to monitor it remotely.
Re: (Score:2)
Am sure the CCP is concerned about security within China and only wants official backdoors in products sold there.
They are probably not too bothered about products elsewhere - as long as the manufacturer keeps them updated about security issues on their products.
Did you know that China already has a law stating that Chinese producers of hardware and software have to inform the CCP about any exploit / bug within their product before they can even inform the general public? Article 9 in that law is very inter
Re: (Score:2)
It's nothing to do with them being Chinese. It's to do with the price. People want cheap stuff, and the only way to make it cheaper is to cut corners. You aren't going to be hiring the best IoT developers and backend staff, or running the most secure servers, at this price point.
The headline is overblown anyway. The attack works, but warns the owner immediately that someone did it, and very likely shows them a photo of the person who did it captured by the doorbell itself. It has very little utility, as it
Who cares? (Score:3)
Sounds like a non-issue? (Score:2)
I mean, sure, it's really poor design to have the factory reset button be the actual ring button, instead of a separate switch that you need to go through some effort to get to. But I'd be hard pressed to categorize it as a security flaw. It's a factory reset, that pretty much any connected device has a reset button to facilitate. The owner is notified and the "hijacker" does not get access to anything on the owner's account, they just get to connect the camera to their own account instead and have access t
Re: (Score:2)
I mean, sure, it's really poor design to have the factory reset button be the actual ring button, instead of a separate switch that you need to go through some effort to get to. But I'd be hard pressed to categorize it as a security flaw. It's a factory reset, that pretty much any connected device has a reset button to facilitate. The owner is notified and the "hijacker" does not get access to anything on the owner's account, they just get to connect the camera to their own account instead and have access to it from that point (provided they have some way of providing it with wifi) and until the owner has looked up how to reset it again.
More than that, even if the device is thoroughly locked down, I suspect that most of the video doorbells on the market can be pulled down and swapped with an identical one programmed differently in a matter of seconds, and that *won't* notify the owner, though they might get notification that their camera hasn't phoned home at some point. Not sure what good it would do unless there's an open wireless network nearby, though.
Re: (Score:2)
I almost included that very point, but decided it was best to not go on and on by trying to cover all scenarios.
My only personal experience is with Ring, and it's just a single "security screw" (that's fancy Amazon spelling for torx) between someone and the reset button. A few more screws to get it off the wall. If anyone were to do anything, it would be stealing it. But it's not like I wouldn't notice. I'd get motion notification and a video of the person as they loosen the screw, unless they show up with
Such a surprise (Score:4, Informative)
Cheap, crappy teach is cheap and crappy. Who would have thought.
Incidentally, only loosely related, I like to occasionally buy and analyze products out of, for example, China, that I suspect are bad. Last one was a 25A 220VAC solid-state relay with 3-32V control voltage by a brand that is sold by a lot of vendors on AliExpress. Here is a list of what was readily obvious:
1. Bad insulation of control circuit. Creepage separation about 0.5mm.
2. Bad insulation Triac to cooler. Again maybe 0.5mm over plastic.
3. One of the power terminals lose, fire risk.
4. Triac used has 12A absolute maximum rating. Survival time under 25A load: Seconds to weeks. That is if the part was not fake and even worse.
That is tech that can kill people.
Re: (Score:2)
Amazon and AliExpress really need to get on top of this. AliExpress needs to improve their return system as well. I recently returned a cable that didn't come with the bracket shown in the photo, and had to chase them for the refund on return postage. The return address was in the UK at least.
Returning this stuff is the best way to deal with it, and leave a review too of course. Returns cost the seller money, so create a nice disincentive to lie or sell crap. Of course, Amazon and AliExpress should police i
Re: (Score:2)
Yes. I would go farther and say Amazon and AliExpress should be liable when products this bad do damage. Obviously, they can then try to propagate the liability to the actual seller, but that should be on them.
That said, I buy a lot on AliExpress and many things are actually good. And yes, the prices are often 10-20x lower and even more so when shipping is taken into account. Hence if you know how to spot bad quality products, AliExpress saves a lot of money and quite a few things are really hard to even ge
Re: (Score:2)
Liability sounds like a good idea. There is a certain amount of it already in Europe. As the seller, Amazon becomes liable for warranty issues, and recalls. They deal with it by having suppliers agree to cover costs.
You are right about it being an overall win, even if some stuff is junk. As long as you feel competent to check things yourself, it's fine. Sadly I think many people are not able to do that.
Thing is, other retailers aren't necessarily any better. I bought a 9V DC power supply from a supposedly r
Re: (Score:2)
In my professional life I always make a point of breaking open any PSU we ship with a product, before signing off on it.
Good policy. Some manufacturers are just the worst scum imaginable. Some, even Chinese ones, deliver solid quality.
Re: (Score:2)
Mean Well are my go-to.
Re: (Score:2)
Same here. MW does do good PSU engineering.
I don't see this as a problem (Score:2)
Consumer Reports has fallen quite a bit.
If people are actually doing this they are intentionally violating the owner's privacy and property. This isn't much different than unscrewing two screws at the bottom of a "secure" Ring doorbell and pressing the bright orange pair button in there. Sure it's a couple extra steps but there is nothing special in the way of doing exactly that. Regardless, to take control of the "unsecured" doorbell camera requires stepping onto the owner's property (with video evidence
Civil law suits walmart, amazon??? (Score:2)
BUT, could civil law suits be done? Over and over and over, retailers hide behind foreign made goods while actually KNOWING that the same garbage, different label is being sold by them.
Just like we need to start holding companies responsible for losing our data by allowing the company to be cracked or offshoring.