How hackers could have spied on Amazon doorbell's video feed
What's the story
Amazon's Ring doorbell recently suffered from a major security issue, a bug that allowed hackers to spy on, even modify the video feed of the system.
The vulnerability, which was demoed at the Mobile World Congress, posed a major threat to the security of those using the system.
However, Amazon was quick to patch to issue following its discovery.
Here are the details.
Issue #1
Data streams extracted from Ring doorbell
Yesterday, Yossi Atias from cybersecurity company Dojo demonstrated how Ring doorbell's system can be hacked into.
Using a security assessment tool called VideoSnarf, he was able to exploit the flaw and get direct access to unencrypted data streams from the doorbell.
Surprisingly, they got full access to audio and video information as it transferred from the doorbell to the app.
Issue #2
Video feed even injected into the system
Atias demoed how the same vulnerability and the attack, stemming from it, can be used to modify the video feed delivered by the doorbell.
Basically, the researchers claimed hackers can inject their own clips into the system, changing the relayed footage altogether.
This could have been used to trick the user into believing a known person is at the door, even when it's not.
Risk
This raised major safety concerns
The ability to hack into and modify Ring's video feed raised major security concerns.
Any bad actor could have exploited this vulnerability to spy on the people coming and leaving into a house or learn about the names and habits of people living there.
Following this, they could have injected a counterfeit clip to trick you to open the gate when you are not at home.
Information
Ring doorbells allow for two-way communication
For those unaware, Ring doorbell, which Amazon acquired in 2018, allows for two-way communication where users get video footage from the app and can use it to lock/unlock the smart door remotely.
Fix
Amazon fixed the bug after the issue was flagged
Notably, the issue was discovered between the app and cloud-based server during a routine check of IoT devices.
Following the discovery, Amazon pushed an update for the Ring doorbell app with a fix for the bug.
So, if you have the latest version of the Ring mobile app, you are probably safe from the risk of an attack.
Quote
Here's what Amazon said on the matter
"Customer trust is important to us and we take the security of our devices seriously," an Amazon spokesperson said. "The issue in the Ring app was previously fixed and we always encourage customers to update their apps and phone operating systems to the latest versions."