The security sleuths at Bitdefender have disclosed that the widely popular Amazon Ring Video Doorbell had a flaw that could have allowed a malicious actor to intercept the owner’s Wi-Fi network credentials.
Amazon-owned Ring undoubtedly brings the best video doorbells to the market, but the disclosure from the security company may concern quite a few people. The flaw is a serious one, and it is not known whether anyone was affected by it.
“When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point,” Bitdefender told TechCrunch. “Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”
It is believed that the Ring Video Doorbell Pro was sending the owner’s Wi-Fi password in cleartext when it joined a local network. This allowed an attacker to intercept the Wi-Fi password, which could then be used to gain access to the network and later to mount larger attacks. The flaw could even have allowed the attacker to conduct surveillance through the compromised device.
Amazon has already fixed the flaw but the issue was disclosed only today.