San Francisco: Amazon has rolled out a security patch for its widely-popular Ring Video Doorbell Pro after Bitdefender security researchers found that it was exposing Wi-Fi network credentials, thus, allowing nearby attackers to intercept them and compromise the household network, media reports said.
Security researchers from Bitdefender said the Amazon-owned doorbell was sending owners’ Wi-Fi passwords in cleartext as the doorbell joins the local network, thus, allowing nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger attacks or conduct surveillance.
“When first configuring the device, the smartphone app must send wireless network credentials. This takes place in an unsecured manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network,” Bitdefender was quoted as saying by the TechCrunch on Thursday.
Notably, Amazon has dominated Apple and Google in the smart home market, thanks to its smart assistant Alexa and its Echo line up of devices.
Amazon fixed the vulnerability in all Ring devices in September, but the vulnerability was only disclosed now, the report added