Ring 1st Generation
Today’s fast-growing demand for remotely controllable household devices, and the desire to have eyes on your house at all times, has led to the automation of usually unsophisticated devices, such as doorbells. However, are smart doorbells opening you up to more problems than they’re preventing? The gadget we tested is one of the most popular brands on the global market at the moment, the Ring Smart Doorbell.
Our ethical hacking team’s main goal was to obtain administrative privileges and gain access to the camera feed for surveillance purposes. However, the question remained whether this was truly the highest level of access they could gain from an IoT (Internet of Things) device connected directly to the home wireless (Wi-Fi) network.
In order to control a smart doorbell device, users have to connect it to an externally accessible wireless network. Once connected, the device can be managed through a convenient mobile application.
During the investigation, the team noticed an orange button on the back of the doorbell device. A malicious actor can reach it simply by removing the device from the wall, which is particularly easy to do since the doorbell needs to be regularly removed and charged. When the button is continuously pressed, the hardware device turns into an unprotected Wi-Fi access point (AP).
Connecting to the Ring AP gives a malicious actor the opportunity to enumerate the device’s internal configuration details. The hacking team then discovered an interesting web address that reveals the password of the user’s home Wi-Fi network. This gives external attackers access to sensitive personal information, which can then be used to gain full control over the victim’s private network. Once access is gained, attackers can find sensitive personal information that users of the Wi-Fi network store online, for example online banking details.
- Keep your externally facing smart devices on a separate network.
- Always perform open-source research through reliable search engines (e.g. Google, Bing, etc.) on possible vulnerabilities identified for the smart device you are interested in.
- Be aware of any signs of physical intervention with the product, even once installed.
- Make sure your smart device is properly configured and regularly updated.