11 smart video doorbells sold online on Amazon and eBay have been reported to contain multiple critical vulnerabilities.
November 292020: Which?, a UK consumer organisation analysed 11 popular smart doorbells in the UK. Some looked very similar to each other but were from different manufacturers. Other devices looked like copycats of Amazon Ring. All of the products had prices that were substantially lower than the average retail price for well-known brands, such as Ring and Google's Nest Hello smart doorbell. The brands chosen have high user rates and with one of the brands is even endorsed by Amazon’s “Choice” logo. Two of the doorbells from Victure and Ctroncs had a security flaw that allows criminals to steal network passwords and use it to hack the doorbell, router and other network-connected devices. Victure also saw sensitive information being sent, including WiFi network names and passwords.
Boris Cipot, Senior Security Engineer at Synopsys Software Integrity Group shares his thoughts on the incident.
"When it comes to consumer electronics, consumers mainly consider appearance, functionality and pricing in their purchasing decision. The more functionality, the better the customer ratings tend to be. However, many items offered in online stores have falsified user reviews, making products appear more credible and capturing consumer attention. As such, when selecting an item, either online or in-store, it’s important that consumers research said item and do not solely trust user reviews on one platform. This is especially important if the product can access consumer personal data, including your whole home network.Insecure devices not only endanger consumer privacy and security, they can also damage brand image and trust. Buyers must be very careful when choosing IoT devices, as they can impact their lives in many different ways."
Link to the Which?study