Amazon Ring doorbells could let hackers hijack your Wi-Fi

News
By
last updated

Wi-Fi passwords broadcast to hackers by Ring products

(Image credit: Amazon)

New research has found that Amazon Ring smart doorbells may have a number of signficant security flaws.

Findings from Bitdefender discovered that the products were leaking the password for the Wi-Fi networks of their users, making the details available for any third parties.

The issue appears to affect the Ring Video Doorbell Pro device, which costs around £220/$225, with thousands of users potentially at risk of having their home networks compromised.

Unsecure

Bitdefender's research found that when a Ring doorbell registered with a user's Wi-Fi network, it was sending the password needed to join in cleartext. This could have allowed hackers to intercept the password, and then use it to infiltrate the network for malicious purposes.

This data was also being sent over an unencrypted connection, putting the user network at further risk.

“When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point,” Bitdefender said in a blog post detailing the findings. “Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”

Bitdefender found that hackers could also potentially trigger the reconfiguration of the Ring Video Doorbell Pro by overloading it with a stream of deauthentication messages, making the device get dropped from its wireless network. When this happens, the mobile app loses connectivity and asks the user to reconfigure the device, giving hackers another way in.

Bitdefender says that all Ring Doorbell Pro cameras have received a security update that fixes the issues its team found, and that users should download and install this as soon as possible.

"Customer trust is important to us and we take the security of our devices seriously," a Ring spokesperson told TechRadar Pro. "We rolled out an automatic security update addressing the issue, and it's since been patched."

Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
A close up of the limited edition vinyl turntable wrist watch from AndoAndoAndo
This limited-edition timepiece turns the iconic Technics SL-1200 turntable into a watch, and I want one
More about security
Dr Chase Cunningham speaking at ZTW25

The grand delusion: endpoint protection isn’t the magic pill, says Dr Zero Trust
An American flag flying outside the US Capitol building against a blue sky

Sean Plankey selected as CISA director by President Trump
OpenAI

What is OpenAI's Deep Research? Everything we know about the best AI research assistant

See more latest
Most Popular
Three photos of the iPad Air M3 and its camera
iPad Air M3 review roundup – should you buy Apple's new mid-range tablet?
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
HP LaserJet Pro 3000 on modern office desk
Now HP printers are being bricked following firmware update
Meta QLC Server
Facebook engineers say bigger hard disk drives is making one critical metric far, far worse
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
Two iPhones showing Apple HomeKit settings
Still using an iPad as a Home Hub? Bad news – Apple is about to end support for it
Horizon Zero Dawn Remastered
Future PlayStation games could have AI-powered characters, if this leaked prototype of Aloy is anything to go by
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April