Security Problems with Cheap Smart Doorbells Set Alarms Ringing

Thinking of buying yourself a Smart Doorbell as a gift this Christmas? It’s a good idea, they’re rally handy devices to have, but beware of low quality products. If you really want to treat yourself don’t scrimp and invest in the best quality goods you can afford. And that’s not just the advice coming from the marketing department! Surveys of good bought online from such retailers as eBay and Amazon discovered that many goods which are in the “affordable” end of the pool come with multiple security risks which could put your home and data in more danger than you ever would have had if you’d just stick to a good old fashioned Yale or mortis lock.

The devices which were reviewed weren’t just inferior products, they included goods which sent photos, usernames, passwords, GPS data and emails back to the manufacturer, all for no discernible reason. This is all data it’s necessary to input into the device for it to work properly, but you certainly don’t want it being shared unfiltered and unbeknownst to you with anyone.

Which? and NCC Group bought 11 video doorbells on the most popular sales platforms. Despite all looking very similar to one-another they were from a range of manufacturers, and all had prices which were remarkably competitive when compared to well known brands such as Amazon Ring or Nest on Google Home.

Can You Trust Unverified User Smart Device Reviews On Selling Platforms?

Despite being from manufacturers nobody has ever heard of, many scored remarkably highly according to user ratings, and certain products were even endorsed with the Amazon Choice logo, a device which is rewarded to retailers with outstanding feedback, although exactly how Amazon Choices are selected remains a shadowy, opaque process.

What the testers discovered was that there were a plethora of security issues with these bargain goods, these included hardware, apps, and servers which streamed the data from the doorbell to the owner’s monitoring devices, such as phones and tablets.

  • Security issues the survey of goods identified included:
  • Flaws which meant that hackers could steal network passwords, gaining access to the router and other devices
  • Devices sending sensitive data, including network names and passwords to servers based in China without encryption
  • Vulnerabilities in two-factor authentication protocol implementation which would allow access via the doorbell to the entire home network
  • A video doorbell which could be disabled with a SIM card ejector, or just a pin
  • Vulnerability to simply being reset to the pairing stage, knocking the doorbell offline

Matt Lewis, Research Director at NCC Group said:

“Given their availability across various online marketplaces, but very little information about the devices and their security, we felt it would be interesting to test them from a secure design and implementation perspective. The most surprising finding was seeing some of the doorbells sending home Wi-Fi passwords over the Internet and unencrypted to remote servers. It’s not really clear what the purpose of such a feature would be for, and it certainly exposes a person’s entire home network to potential attackers and criminals.”

He went on to point out that almost all of the Smart Doorbells were found to be sending data back to remote services outside of the UK and EU. And although the data wasn’t always sensitive security information, it was part of a pattern of data breeching which would be a worry for anyone who depended on such a device as part of their home security.

Fault Of Various Levels Found Throughout The Smart Doorbell Study Sample

Of almost a dozen off-brand generic Smart Doorbells that Which? and NCC Group tested each of them had at least one high level security vulnerability, and many of them also had weak, guessable default passwords. In fact 9 of them had ‘high impact’ security issues while two of them were ‘critically vulnerable’ essentially making them more of a risk than they were a benefit to the Smart Home environment.

After making these tests and discovering these security issues, it’s clear that when purchasing devices designed as a security solution, but which are also connected, it’s important not to just read the reviews and recommendations left by users. Anyone interested in buying a Smart Doorbell, Smart CCTV Security, Smart Alarms or Smart Security Sensors should avoid ‘too good to be true’ bargains from makes they’ve never heard of, and instead invest in familiar, recognisable, trusted brand names.

Briant Communications are a specialist Smart Home Entertainment and Security installation company based in Worthing. We only supply and fit the most reliable, secure Smart Home Security and Automation devices. We’ll consult with you, suggest the best devices to suit your needs and give you a free, no obligation cost estimate.

Contact us on 01273 465377 or email us on enquiries@briantcomms.com to arrange your free site visit.

Originally published at https://www.briantcomms.com on September 21, 2021.