Article Image
IPFS News Link • Hacking, Cyber Security

Avoid These "Smart" Doorbell Devices Due To Security Vulnerabilities

• https://www.zerohedge.com, by Tyler Durden

Staying at home, led to a massive home improvement wave in spring through summer. Many folks remodeled or just simply updated the technology in their homes to fit their new at-home lifestyle.

In particular, one update was smart home security systems, including smart doorbells featuring microphones and cameras sold on Amazon and eBay. 

While these smart doorbells have made millions of Americans' lives easier this year - there's a huge problem - that is - many of these devices come with numerous security vulnerabilities, according to CyberScoop, citing a new report from U.K.-based security company NCC Group. 

"One flaw could allow a remote attacker to break into the wireless network by swiping login credentials. Another critical bug, which has been around for years, could enable attackers to intercept and manipulate data on the network," CyberScoop said. 

NCC found that eleven smart doorbells sold on Amazon and eBay "raised concerns that some of the devices were storing sensitive data, including location data and audio and video captured by the doorbell's camera, on insecure servers," said CyberScoop. 

Amazon released a statement about the compromised smart doorbells sold on its website - indicating it "requires products sold on its site to be compliant with applicable laws and regulations, and that it has tools to detect "unsafe or non-compliant products from being listed in our stores."

In a statement, eBay said the listings of the compromised smart doorbells flagged by NCC researchers did not meet the company's threshold for removal. 

One of the devices in question is made by a company called Victure, which sells smart doorbells on Amazon. Researchers said the Victure sends the user's wireless name and password, unencrypted, to Chinese servers.