Security researchers have discovered that Amazon-owned Ring doorbells had a vulnerability that exposed Wi-Fi login information.
Cybersecurity firm, Bitdefender, has disclosed that the doorbells were sending Wi-Fi passwords in cleartext, which would allow nearby hackers to gain access to the network.
This then let hackers launch attacks or conduct surveillance through the devices. For months, whoever was on the open network would have access to people’s usernames and passwords.
“When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point,” said Bitdefender in a blog post.
When you set up the device, your Wi-Fi credentials are shared with the doorbell and this is done without any encryption.
Bitdefender notified Amazon of the vulnerability in June. Amazon says it fixed the vulnerability in all of the Ring devices in September, but the vulnerability was only disclosed on November 7th.
“Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched,” a Ring spokesperson told MobileSyrup.
Update 11/09/2019: Added a statement from Ring.