[HOME AUTOMATION] Wi-Fi vulnerabilities on Ring connected bells

BitDefender IT security researchers have detected a security breach on Amazon’s connected Ring Video Doorbell Pro bells. This type of bell has a built-in camera and microphone. The vulnerability in question, exploits the Wi-Fi password to potential attacks. The Ring Bell must be connected to a Wi-Fi network, allowing a smartphone to access multiple tasks. The bell being configured to the Wi-Fi network, the smartphone, which is synchronized with the bell, sends the Wi-Fi password to allow a connection. The password would then pass unencrypted over the network via a simple unencrypted http. A pirate in the vicinity could then take control of these bells. Researchers bruteforced the password by constantly sending deauthentication messages to the device, leading the user to believe that the device is offline to force him to reconfigure it. It is therefore while the user tries to connect again and shares his Wi-Fi credentials, that the attacker can detect the traffic and capture the password in clear. A malicious person could launch multiple Man-in-the-Middle attacks, access cameras, control other devices in the house or intercept network traffic. These bells must therefore be updated.