Security-minded people use Ring Doorbells or equivalent video doorbells to secure their homes and deter possible burglars. Could this same technology be used against you? A critical vulnerability may make hacking these doorbells possible.
IoT, the Internet of Things, has long been known to InfoSec professionals to be incredibly insecure. IoT devices tremendously increase attack surface while offering little to no method of protection; as a result, they are fundamentally insecure. IoT devices include everything from your Ring Doorbell to your smart toaster. Many investigations into IoT devices have not yielded the best of results in cyber security studies.
Who does it affect?
Another newly discovered critical vulnerability, named CVE-2019-9483, appears to affect any and all Ring Video Doorbells running any version up to 3.4.6. Anyone whose device has not been updated to 3.4.7 is potentially vulnerable to malicious attacks.
How does it happen?
This vulnerability essentially involves manipulating the device’s encryption to fulfill the malicious actor’s goal. According to NIST (nvd.nist.gov), it is due to inadequate encryption and mishandling of that encryption. Consequently, it ‘allows attackers to obtain audio and video data, or insert spoofed video’. You can read more by following the original link: https://nvd.nist.gov/vuln/detail/CVE-2019-9483#vulnCurrentDescriptionTitle
What’s the worst that can happen?
In a worst-case scenario, an individual could potentially gain access to your Ring device and to its video and audio. Worse yet, it appears they are able to ‘spoof’ what’s actually going on outside the camera. This could make it dangerous to answer the door when you think the person there is someone you know.
How can I fix it?
A hotfix appears to have been issued rather quickly. Check your device’s firmware to ensure it has had the latest version pushed to it (3.4.7 or later) and, if not, contact Ring support.
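If you look after more than one doorbell, the version check above can be scripted. The following is an added example, not code from Ring or from the original article: it compares version strings numerically against the fixed version 3.4.7 and flags anything it cannot parse for a manual check. The device names, the sample inventory and the `X.Y.Z` string format are assumptions.

```python
import re

FIXED = (3, 4, 7)  # first fixed version named in the article for CVE-2019-9483


def parse_version(text):
    """Turn 'X.Y.Z' (optionally prefixed with 'v') into a tuple of ints, or None."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+){0,3})", text.strip()) if text else None
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad so '3.4' is compared as 3.4.0
    return tuple(parts)


def status(version_text):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # missing or odd string: check the device by hand
    # Tuples compare number by number, so 3.4.10 correctly sorts after 3.4.7.
    # Comparing the raw strings would wrongly put "3.4.10" before "3.4.7".
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory):
    """Map each device name to its status."""
    return {name: status(version) for name, version in inventory.items()}


# Constructed sample inventory (hypothetical device names and versions).
INVENTORY = {
    "front-door": "3.4.6",
    "back-door": "3.4.10",
    "garage": "v3.4.7",
    "side-gate": "",
}

if __name__ == "__main__":
    for name, result in triage(INVENTORY).items():
        print(f"{name:12} {INVENTORY[name] or '(none)':8} {result}")
```

Any device reported as `vulnerable` or `unknown` is one to update or to raise with Ring support, as described above.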
Finally, if you’re a victim of cyber hacking, we may be able to assist. Feel free to reach out: https://www.spectreintel.com/cyber-investigations/