The Ring WiFi enabled video doorbell, with optional smartlock compatibility to let visitors in remotely, would also share your WiFi password to anyone who knew how to ask. Just use a Torx screwdriver to pop the doorbell off, press the setup button on the back and connect to the Ring and you can get the networks SSID and PSK in plain text. Thankfully Ring has pushed out an update to resolve this issue but it is a perfect demonstration of the abysmal security on IoT devices and the lack of any thought about security implications by users or makers of these new devices. The Register also mentions the Fitbit Aria bathroom scale as being vulnerable in the exact same way as it also uses Gainspan wireless, though at least the scale is inside your house, not accessible to anyone wandering by.
"Security researchers have discovered a glaring security hole that exposes the home network password of users of a Wi-Fi-enabled video doorbell. The issue – now resolved – underlines how default configurations of IoT components can introduce easy to exploit security holes."
Here is some more Tech News from around the web:
- Google beefs up VR business in bid to challenge HTC and Oculus @ The Inquirer
- Windows 10 shattered Remote Desktop's security defaults – so get patching @ The Register
- PC market suffers 'biggest decline in history' and Windows 10 is to blame @ The Inquirer
- Microsoft kicks VMware right in its weakest, cloudiest spot @ The Register
- Techgage’s Best Of CES 2016 @ Techgage