Ring-a-ding: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers

Ring-a-ding: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers

5 years ago
Anonymous $xdcOWPpsb_

https://arstechnica.com/information-technology/2019/11/ring-patches-total-lack-of-password-security-during-setup/

Ring has pushed out a fix to a security issue in the configuration code for its Internet-connected home security products. Researchers from Bitdefender notified Ring in June of a flaw in Ring Video Doorbell Pro cameras' software that made it possible for wireless eavesdroppers to grab the Wi-Fi credentials of customers during the device's setup—because those credentials were sent over an unsecured Wi-Fi connection to the device using unencrypted HTTP.

In a report on the bug issued yesterday as part of a coordinated disclosure with Ring, Bitdefender researchers explained that when customers configured a Ring Video Doorbell Pro out of the box:

Ring-a-ding: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers

Nov 8, 2019, 4:14pm UTC
https://arstechnica.com/information-technology/2019/11/ring-patches-total-lack-of-password-security-during-setup/ > Ring has pushed out a fix to a security issue in the configuration code for its Internet-connected home security products. Researchers from Bitdefender notified Ring in June of a flaw in Ring Video Doorbell Pro cameras' software that made it possible for wireless eavesdroppers to grab the Wi-Fi credentials of customers during the device's setup—because those credentials were sent over an unsecured Wi-Fi connection to the device using unencrypted HTTP. > In a report on the bug issued yesterday as part of a coordinated disclosure with Ring, Bitdefender researchers explained that when customers configured a Ring Video Doorbell Pro out of the box: