Internet-connected Doorbell Cameras Flaw Let Attackers Hijack Devices

The severe security flaws in popular video doorbell cameras could allow attackers to hijack these devices.

The investigation revealed that doorbells sold under various brand names but manufactured by the same company, Eken Group Ltd., are vulnerable to hacking, posing a significant risk to consumer privacy and safety.

You can analyze a malware file, network, module, and registry activity with the ANY.RUN malware sandbox and the Threat Intelligence Lookup that will let you interact with the OS directly from the browser.

A Shocking Discovery

The security flaws were discovered by Consumer Reports’ privacy and security test engineers, Steve Blair and David Della Rocca.

They managed to hack into doorbell cameras from thousands of miles away, capturing images of the journalist’s backyard and deck.

These devices, meant to monitor strangers at the door, ironically allowed the engineers to spy on the homes of the people they were supposed to protect.

According to the reports from Consumer Reports, a journalist got an email with a blurry photo of herself posing for a camera she had installed at her rear door.

Serious Security Flaws Identified

The doorbells, sold under the Eken and Tuck brand names, among others, were found to have multiple security issues.

They broadcast home IP addresses and Wi-Fi network names to the internet without encryption, making home networks vulnerable to cybercriminals.

Additionally, the doorbells lack a visible FCC ID, which federal regulations require, making their U.S. distribution illegal.

Despite these glaring issues, thousands of these video doorbells are sold monthly on Amazon and other online marketplaces like Walmart, Sears, Shein, and Temu.

The lack of proper vetting by these platforms has led to the widespread availability of these insecure devices.

Risk to Consumers

The vulnerabilities pose a particular threat to individuals at risk from stalkers or abusive partners.

Attackers can easily take control of the video doorbell, monitor the comings and goings of residents, and even lock out the legitimate owner from the device.

Consumer Reports’ findings highlight the potential for these devices to be used as tools for technology-enabled abuse.

Consumer Reports contacted Eken and Tuck and the online marketplaces selling these doorbells to warn them of the issues.

Temu responded by removing the doorbells from its website, while Walmart stated that it expects products sold on its marketplace to be safe and compliant.

However, as of the end of February 2024, many products were still available for sale on these websites.

Recommendations for Consumers

Consumer Reports advises owners of these doorbells to disconnect them from their home Wi-Fi networks and remove them from their doors. They recommend opting for video doorbells with better security from brands like Logitech, SimpliSafe, and Ring.

Consumers are also cautioned not to assume that online retail platforms have evaluated the safety of all their products.

Regulatory and Legal Implications

The investigation has prompted Consumer Reports to share its findings with the Federal Trade Commission and advocate for legislation that holds online platforms strictly liable for selling defective products.

The Consumer Product Safety Commission is also considering an order that would classify online marketplaces as “distributors of goods,” which would impose the responsibilities of conventional retailers on these platforms.

Discovering these security flaws in video doorbell cameras is a stark reminder of the risks associated with internet-connected devices and the need for stricter regulation and oversight of products sold on online marketplaces.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.