Can Ring doorbells be hacked? Security-minded people use Ring doorbells, or other video doorbell equivalents, to secure their home and deter possible burglars. Could this same technology can be used against you? A critical vulnerability may make hacking of these doorbells possible.
IoT, Internet of Things, have been known to InfoSec security professionals to be incredibly insecure. IoT devices are known to tremendously increase attack surface with little to no method of protection, as a result, they are fundamentally insecure. IoT devices include everything from your Ring DoorBell to your smart toaster. Many investigations into IoT devices have not yielded the best of results for cybersecurity studies.
Who does it affect?
Another newly discovered critical vulnerability appears to affect any and all Ring Video Doorbells that run all versions up to 3.4.6 named CVE-2019-9483. Anyone who has not had their device updated to 3.4.7, are potentially vulnerable to malicious attacks.
How does it happen?
This vulnerability is one that essentially manipulates encryption to fulfill the malicious actor’s goal. According to Nist.gov, this is due to inadequate encryption and mishandling of said encryption. Consequently, they state [the vulnerability] ‘ allows attackers to obtain audio and video data, or insert spoofed video.’ You can read more by following the original link: https://nvd.nist.gov/vuln/detail/CVE-2019-9483#vulnCurrentDescriptionTitle
What’s the worst that can happen?
In a worst case scenario, the ring doorbell can be hacked and an unauthorized individual could potentially gain access into your Ring device, and access your video and audio stream. Worst yet, it appears they are able to ‘spoof’ what’s actually going on outside the camera by inserting or replaying a clip of video taken from your video doorbell. This could potentially make it dangerous to answer the door, thinking it is someone you know from hours or even days before.
How can I fix it?
To protect your ring doorbell from being hacked, a hot-fix appears to have been issued rather quickly. Check your device’s firmware to ensure it has been had the latest version pushed to it (3.4.7 or later) and if not, contact Ring support.
If you have a Nest X Yale Door Lock, you may also consider reading this article: https://www.spectreintel.com/your-nest-x-yale-lock-may-be-compromised/
Finally, if you’re a victim of cyber hacking, we may be able to assist. Feel free to reach out: https://www.spectreintel.com/cyber-investigations/
Spectre Intelligence is a private investigation and intelligence firm located in sunny Round Rock, TX (Austin area). If you need investigation or cyber security services, visit us at www.spectreintel.com and www.spectretechnology.com