Jump to content

Hackers Can Spy on and Hijack Amazon Doorbell’s Video Feed


Reefa

Recommended Posts

researchers-security-hole-amazon-ring-sm
 

Security researchers have found that data streams from Amazon-Owned Ring doorbell’s app can be easily compromised.

 

In a blog post on hardware security company Dojo’s website, cybersecurity expert Or Cyngiser outlined the issue: using a specialized security assessment tool called VideoSnarf, he and a team of researchers were able to extract and inject video and audio information as it transferred from the Ring doorbell to its app.

 

That’s a big problem: criminals could target Ring doorbells to gather sensitive information about potential targets.

 

“The attack scenarios possible are far too numerous to list, but for example imagine capturing an Amazon delivery and then streaming this feed,” Cyngiser wrote. “It would make for a particularly easy burglary.

 

Spying on the doorbell allows for gathering of sensitive information — household habits, names and details about family members including children, all of which make the target an easy prey for future exploitation.”

Injecting Footage

The researchers even demonstrated that they could inject their own video and audio feed, Oceans 11 style, on stage at the Mobile World Congress in Barcelona.

 

“We developed a [proof of concept], whereby we first captured real footage in a so-called ‘recon mode,'”

 

reads the blog post. “Then, in ‘active mode’ we can drop genuine traffic and inject the acquired footage.”

The hack was completely untraceable, the team said.

Patch Adams

It’s not the first time Amazon’s Ring doorbell has landed in hot water over security issues. In May 2018, The Conversation reported that Ring customers remained logged in even after changing the password to access the device.

 

Ring scrambled and released an over-the-air update yesterday.

 

But users who haven’t downloaded the update, according to Cyngiser, are still vulnerable.

 

“Letting the babysitter in while kids are at home could be a potentially life threatening mistake,” Cyngiser wrote.

 

source

Link to comment
Share on other sites


  • Replies 1
  • Views 445
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...