AdvertisementA daring hacker with the patience to do this still wouldn’t be able to use the Ring app,but an imaginative mind could still find a way into your home.“There’s no other vulnerability that we discovered, but there are a million scenarios that you can run,” Balan told Gizmodo. “Let’s say there’s a vulnerable speaker system on the home network; many speaker systems accept people’s music without any authentication. A very possible scenario is that you could send an audio file to the speaker that says Alexa, open the front door.”“There’s a fundamental problem with the way people treat their home networks,” Balan added. “Everybody believes that their home network is safe. This is why the security is much more lax on your home network. There’s no password on your TV, for example, because people think it’s their private network. Apps are, by design, insecure on private networks.”
Balan said Amazon was very responsive and moved to patch the devices quickly before disclosing them in November. It started the process in September but followed standard practices and waited until the vulnerability was patched to disclose it. “Customer trust is important to us,” a Ring spokesperson said in a statement, “and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it’s since been patched.”This is the latest installment in the Ring’s ghoulish recent history. Back in February, researchers at Dojo by BullGuard found that hackers could send users images through the Ring app to show a person at the door. Lately, it advertised that it monitored all of the doorbell rings on Halloween. It’s also turned homes into patrol centers, with Amazon going so far as writing some police department’s press releases and tutoring them on how to best entice homeowners to hand over their private security footage.
AdvertisementAs with most IoT devices, the Ring doorbells promise tech-infused solutions to a problem that didn’t really exist, and it’s just causing more problems.