Amazon Ring could leave you vulnerable to wifi hackers

The new smart security technology from Amazon could ironically cause major security risks for some!

An Amazon Alexa on a desk

Monday, 11 November, 2019

Last year Amazon announced the arrival of their new smart home security technology, Amazon Ring. The product allows you to connect your front door to their smart home system, Alexa.

With front door camera and interactive bells it means you can manage your front door from your phone. However, in an ironic twist it has been discovered Ring has left users vulnerable to hackers!

An investigation carried out by BitDefender, a Romanian cybersecurity and anti-virus software company, found multiple vulnerabilities with the Ring.

The investigation found a vulnerability that: ‘allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a larger attack against the household network.’

- BitDefender

Is your home safe?

This is just the latest way hackers are targeting home networks. Recently the ‘WiFi Pineapple’ came to mainstream attention when it was featured in shows Mr Robot and Silicon Valley. The Pineapple is a device used by cybersecurity testers to check vulnerabilities in networks.

Hackers have repurposed the device to target vulnerabilities in networks and gain access to user data. This could be accessing your online banking information or even accessing your Amazon account and ordering goods.

Gaining access to the Ring is just another development in home network attacks. The danger of allowing everyone to operate their homes on an ‘Internet of Things’ comes with our tech-ignorance. We have access to sophisticated technology to help us run our lives with little awareness of the risks that entails.

So how does it work?

While in the configuration mode, the Ring receives your ‘network credentials’ from the smartphone app. This data exchange is on HTTP, which means that your information is exposed to any nearby eavesdroppers. The research also found that when a Ring doorbell registers with your Wi-Fi, it sends the password needed to join in unencrypted ‘cleartext’. This gives hackers a direct entrance to your entire home network.

Another method of this exploitation is through forced reconfiguration of the Ring. Hackers could do this by continuously sending deauthentication messages. This causes the device to drop from the wireless network. Then the mobile app loses connectivity and instructs the user to reconfigure the device. This leaves the hacker an ‘open door’ through the unsecured HTTP network.

What can I do to protect myself?

Luckily for us since this research was carried out the Ring has had security updates to address this particular fault. However, it serves as an important reminder that we need to remain vigilant as we network our homes. We may have smart doors and alarms, but thieves have digital crowbars!

Natalie Dunning author picture


Natalie Dunning is a freelance writer and Media Psychology researcher based in Manchester.