The Ring video doorbell is one of the most popular IoT devices on the market. The company started off on NBC’s Shark Tank and eventually was purchased by Amazon. There’s no doubt that the Ring video doorbell has been a huge success and there are many happy customers, a couple of use here at Techaeris included. But, at MWC 2019, one cybersecurity firm has announced a “major vulnerability” in Amazon’s IoT device. That being said, the vulnerability has been addressed by Amazon with an update to its Ring app.
Cybersecurity expert, Yossi Atias, General Manager, IoT Security at Dojo by BullGuard took the stage today at Mobile World Congress to demonstrate a live hack of the Amazon Ring video doorbell, exposing a previously unknown vulnerability in the popular IoT device.
UPDATED (02/27/2019 06:09 P.M. EST): This story has been updated with a statement from Ring below.
“Customer trust is important to us and we take the security of our devices seriously. The issue in the Ring app was previously fixed and we always encourage customers to update their apps and phone operating systems to the latest versions.”
ORIGINAL STORY CONTINUED:
The hack revealed unencrypted transmission of audio and/or video footage to the Ring application allows for arbitrary surveillance and injection of counterfeit video traffic, effectively compromising home security and putting family members’ safety at risk.
The Ring video doorbell vulnerability lies between the cloud service and the Ring mobile application. In the Ring video doorbell hack, Atias was able to change the video feed so the end user ‘believed’ they were seeing someone they know and let in previously.
“Ring is a well- respected IoT brand, however, the vulnerability we discovered in the Ring video doorbell reveals even highly secure devices are vulnerable to attack. This particular vulnerability is complex because it is between the cloud and the Ring mobile app, and is acted upon when the Ring video doorbell owner is away from home – meaning the package delivery person, housecleaner or babysitter might not actually be the same person at your door. Letting someone you ‘think’ you know into your home could potentially have dire consequences, particularly if your kids are at home.”
Yossi Atias, General Manager, IoT Security at Dojo by Bullguard
Dojo’s cybersecurity experts were able to gain access to the application traffic without difficulty and noted that if the Ring owner is at home, Wi-Fi access — either cracking weak encryption (if present) or exploiting another smart home device is needed. When the owner is in transit, a hacker can open a rogue Wi-Fi connection near the owner and wait for them to join, or join a common public network.
Once sharing a network, a simple ARP spoof allows the hacker to capture Ring data traffic before passing it on to the mobile app, and certain 3G/4G configurations may allow intra-network poisoning as well. Encrypting the upstream RTP (Real-Time Transport Protocol) traffic will not make forgery any harder if the downstream traffic is not secure, and encrypting the downstream SIP (Session Initiation Protocol) transmission will not thwart stream interception.
Spying on the doorbell allows for a gathering of sensitive information – household habits, names and details about family members, including children – all of which make the target easy prey for future exploitation. “Security is only as strong as its weakest link,” added Atias. “When handling sensitive data like a video doorbell, secure transmission is not a feature, but a must – particularly as the average consumer will not be aware of any tampering.”
Dojo by Bullguard
The Ring video doorbell vulnerability was found during the process of routine ethical hacking where the Dojo by BullGuard cyber research team examines various IoT devices to constantly improve the Dojo Intelligent IoT Platform (DIP) capabilities to defend against potential vulnerabilities.
While the vulnerability has been addressed, it shows just how serious cybersecurity in IoT devices is and how bad actors could take advantage of such devices. It’s important that companies like Amazon and others are continuously testing for such issues.