Can Ring doorbells be hacked?


Seeking private investigator services? Get a free consultation today.

Introduction

Updated: 10/16/2019

Can Ring doorbells be hacked? An analysis by Spectre Intelligence, a private investigator and cyber security consultant. Any internet connected device has the potential to be compromised. However, in most cases, this is usually not the case. The majority of cyber crimes within the United States occur through the use of human engineering and not through technical hacking. Security-minded people use Ring doorbells, or other video doorbell equivalents, to secure their home and deter possible burglars. That said, could this same technology can be used against you? Yes it can, but it probably won’t be. 

IoT, Internet of Things, have been known to InfoSec security professionals to be incredibly insecure. IoT devices are known to tremendously increase attack surface with little to no method of protection, as a result, they are fundamentally insecure. IoT devices include everything from your Ring Door Bell to your smart toaster. Many investigations into IoT devices have not yielded the best of results for cyber security.

Who does it affect?

While technology continues to progress, we tend to get more and more devices around the house. Each device requires routine maintenance to keep it up to date with bug fixes and security patches. The Ring doorbell is no different. Anyone who does not routinely update their devices is vulnerable to attack. Another newly discovered critical vulnerability appears to affect any and all Ring Video Doorbells that run all versions up to 3.4.6 named CVE-2019-9483. Anyone who has not had their device updated to 3.4.7, are potentially vulnerable to malicious attacks.

How does it happen?

This vulnerability is one that essentially manipulates encryption to fulfill the malicious actor’s goal. According to Nist.gov, this is due to inadequate encryption and mishandling of said encryption. Consequently, they state [the vulnerability] ‘ allows attackers to obtain audio and video data, or insert spoofed video.’ You can read more by following the original link: https://nvd.nist.gov/vuln/detail/CVE-2019-9483#vulnCurrentDescriptionTitle

What’s the worst that can happen?

​In a worst case scenario, the ring doorbell can be hacked and an unauthorized individual could potentially gain access into your Ring device, and access your video and audio stream. Worst yet, it appears they are able to ‘spoof’ what’s actually going on outside the camera by inserting or replaying a clip of video taken from your video doorbell. This could potentially make it dangerous to answer the door, thinking it is someone you know from hours or even days before.

How can I fix it?

To protect your ring doorbell from being hacked, a hot-fix appears to have been issued rather quickly. Check your device’s firmware to ensure it has been had the latest version pushed to it (3.4.7 or later) and if not, contact Ring support.

Finally, if you’re a victim of cyber hacking, we may be able to assist. Feel free to reach out: https://www.spectreintel.com/cyber-investigations/

About us

Spectre Intelligence is a private investigator and cyber security firm located in Round Rock, TX (Austin area). If you need private investigator or cyber security services, visit us at www.spectreintel.com and www.spectretechnology.com.