Ring's configuration app sent Wi-Fi setup information unencrypted to some doorbell devices, exposing customers' home networks.
Enlarge / Ring’s configuration app despatched Wi-Fi setup data unencrypted to some doorbell gadgets, exposing clients’ residence networks.

Smith Collection/Gado / Getty Images

Ring has pushed out a repair to a safety subject within the configuration code for its Internet-connected residence safety merchandise. Researchers from Bitdefender notified Ring in June of a flaw in Ring Video Doorbell Pro cameras’ software program that made it potential for wi-fi eavesdroppers to seize the Wi-Fi credentials of shoppers in the course of the system’s setup—as a result of these credentials have been despatched over an unsecured Wi-Fi connection to the system utilizing unencrypted HTTP.

In a report on the bug issued yesterday as a part of a coordinated disclosure with Ring, Bitdefender researchers defined that when clients configured a Ring Video Doorbell Pro out of the field:

…the smartphone app [for Ring] should ship the wi-fi community credentials. When coming into configuration mode, the system creates an entry level with out a password (the SSID comprises the final three bytes from the MAC tackle). Once this community is up, the app connects to it mechanically, queries the system, then sends the credentials to the native community. All these exchanges are carried out by means of plain HTTP. This means the credentials are exposed to any close by eavesdroppers.

An attacker might reap the benefits of this bug by forcing a sufferer to reconfigure the doorbell. The attacker might use a Wi-Fi deauthorization (“deauth”) assault towards the system to make it re-enter configuration mode and will use a malicious Wi-Fi system to make the Ring doorbell drop off its community.

The doorbell’s proprietor would then have to discover that the doorbell is disconnected, which can require the attacker or another person to ring the doorbell earlier than the focused proprietor realizes the doorbell is offline. When the doorbell is put again into configuration mode, the app will provide to reconnect the doorbell to the Wi-Fi community—after which resend the credentials to the doorbell in an HTTP message encoded in XML.

The attacker would then give you the option to join to the sufferer’s residence Wi-Fi community if there aren’t any different safety measures in place to cease them (corresponding to system white-listing or partitioning of the Wi-Fi community).

All affected gadgets ought to now be patched, in accordance to Ring and Bitdefender. But that is one other instance of why house owners of “Internet of Things” gadgets ought to think about using Wi-Fi routers able to segmenting networks or providing “guest” Wi-Fi networks that limit entry by linked gadgets to the Internet solely. And deauth assaults can nonetheless be used to knock these gadgets offline—permitting a burglar or “porch pirate” to cowl their tracks by disabling video recording.

No Comments
Comments to: Ring-a-ding: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers