A high-severity security vulnerability was found in Amazon’s Ring Video Doorbell Pro devices which could let any nearby attackers to steal your WiFi password and perform MitM against other devices connected to the same network. The vulnerability was discovered by security researchers at Bitdefender.
Amazon’s Ring Video Doorbell is a smart wireless home security doorbell camera which helps the user to see, hear and speak to anyone on your property from anywhere in the World.
The device can be accessed remotely from a smartphone when the smart doorbell is connected to your WiFi network. When the device is setting up for the first and share your WiFi password with it, it is necessary to enable the configuration mode from the doorbell.
While entering into the configuration mode turns on a built-in, unprotected wireless access point, allowing the RING smartphone app installed on your device to automatically connect to the doorbell.
But besides using an access point without a password, the initial communication between the Ring app and the doorbell is performed insecurely through plain HTTP. This happens when you share your home’s WiFi password with the doorbell.
So, it is possible for a nearby attacker to easily connect to the same unprotected wireless access point, while the setup in the process, and steal your WiFi password using a man-in-the-middle attack.
This attack can be performed only during the “one-time initial configuration” of the device. The attacker continuously sends de-authentication messages to the device to trick the user into believing that the device is malfunctioning. Then the only option the user has to do is to re-configure it.
When the user enters into the configuration mode to re-share WiFi credentials, the attacker would capture the password in plaintext.
When the attacker gets the user’s WiFi password, he can launch various network-based attacks like
- Communicate with all devices within the household network;
- Interrupt network traffic and run man-in-the-middle attacks
- Access all local storage and subsequently access private photos, videos and other information,
- Exploit other vulnerabilities existing in the devices connected to the local network and get complete control to each device,
- Get access to security cameras and steal video recordings.
This vulnerability in Ring Video Doorbell Pro devices was found in June and the researchers responsibly reported it to Amazon for which the company did not give a reply.
Later in September on frequent communications with the vendor, an automatic fix for the vulnerability was partially issued.
All the Ring Video Doorbell Pro users must ensure that they have the latest update installed to stay safe.