[SMART HOME] When your bells do as they please!

According to a report published by The Information on 11 May 2018, researchers have discovered major security holes on Ring brand video doorbells. Initially, the system allows access to be granted to another user. In case the bell owner goes on vacation, he can, for example, add a neighbor to the application so that he has access and can monitor the trips. However, even if the user had been removed from access, the user could still track the owner’s activities. In addition, when connection credentials are changed, it usually asks all people with access to reconnect. This ensures security while verifying that people are authorized to access the application. However, Ring did not require users to log in again, which means they still had access to the Ring Bell’s features.

A test conducted by The Information revealed that the vulnerability allowed users to access the application for “several hours”, although the password was changed. By January 2018, the startup acquired by Amazon had assured that its system was removing access for users who were no longer authorized to use the application.