Bitdefender researchers have discovered a vulnerability in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker to intercept the owner’s Wi-Fi network credentials. The vulnerability was part of a responsible disclosure process, was fixed and delivered via automated update by Ring’s dev team. Amazon’s Ring Video Doorbell Pro IoT is an immensely popular device with almost 17,000 reviews and more than 1000 answered questions on the Amazon.com website.
Once in possession of a user’s WIFI password, an attacker has full access to the network (worth mentioning that security on internal network is really lax with many devices (such as Smart TVs) allowing interaction even without any authentication whatsoever). Examples of possible things an attacker might do without user knowledge:
Interact with all devices within the household network;
Intercept network traffic and run ‘man-in-the-middle’ attacks
Access all local storage (NAS, for example) and subsequently access private photos, videos and other type of information
Exploit all vulnerabilities existing in the devices connected to the local network and get full access to each and every device; that may lead into reading emails and private conversations
Get access to security cameras and steal video recordings
How the vulnerability worked
During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This allows the hacker to sniff the packets and find out the sensitive data it needs to connect to the user’s WiFi. Worthy mentions:
The attacker doesn’t need to know anything about the victim’s network and does not need to be associated with that WiFi access point. Sniffing WiFi packets broadcasted over unencrypted channels is standard in the WiFi RFC
Attackers can trigger the reconfiguration of the Ring Video Doorbell Pro. One way to do this is to continuously send de-authentication packets, so that the device is dropped from the wireless network. At this point, the App loses connectivity and tells the user to reconfigure the device.
What the user needs to do
The device already received an automatic security update that fixes the issue. So, to be on the safe side Ring Video Doorbell Pro users can make sure they have the latest update installed and if this is the case, they’re safe.