Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon’s Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network.
In case you don’t own one of these, Amazon’s Ring Video Doorbell is a smart wireless home security doorbell camera that lets you see, hear and speak to anyone on your property from anywhere in the World.
The smart doorbell needs to be connected to your WiFi network, allowing you to remotely access the device from a smartphone app to perform all tasks wirelessly.
While setting up the device for the very first time and share your WiFi password with it, you need to enable the configuration mode from the doorbell.
Entering into the configuration mode turns on a built-in, unprotected wireless access point, allowing the RING smartphone app installed on your device to automatically connect to the doorbell.
However, researchers told The Hacker News that besides using an access point with no password, the initial communication between the Ring app and the doorbell, i.e., when you share your home’s WiFi password with the doorbell, is performed insecurely through plain HTTP.
images from Hacker News