However, with these Internet-connected Smart Doorbells, you get an alert on your smartphone app every time a visitor presses your doorbell and, in fact, you can also view who's in front of your door.
Moreover, you can even communicate with them without ever opening the door. Isn’t this amazing? Pretty much.
But what if your doorbell Reveals your home's WiFi password?
Use Smart Doorbell to h*a*c*k* WiFi Password
Until now, we have seen how hackers and researchers discovered security holes in [You must be registered and logged in to see this link.]
,[You must be registered and logged in to see this link.]
, [You must be registered and logged in to see this link.]
and Internet-connected [You must be registered and logged in to see this link.]
, raising questions about the security, privacy, and potential misuse of IoTs.
Now, security researchers at UK consultancy Pen Test Partners have [You must be registered and logged in to see this link.]
a critical security hole in Wi-Fi-enabled video doorbell that could be used to expose the home network password of users.
The security hole is uncovered in [You must be registered and logged in to see this link.]
– a modern IoT Smart doorbell that connects to the user's home WiFi network, allowing them to view who is in front of the door with the help of their mobile device, even if the user is not at home.
Additionally, the Smart doorbell also gives users option to hook up to some smart door locks, so users can let their guests or family members into their home even if they are not in the house.
Researchers were impressed by the functionality of Ring, though shocked when analysed the security of the device that allowed them to discover the home user's WiFi password.
Press Button, Access a URL and Get WiFi Password!
As researchers explain, with the help of screw gauge, anyone can detach the doorbell mounted on the outside of the house and press the orange button (given on its back), which puts the device's wireless component in AP (Access Point) mode.
"Pressing the setup button [puts] the doorbell’s wireless module (a Gainspan wireless unit) into a setup mode, in which it acts as a Wi-Fi access point," the company's consultant David Lodge explains in a [You must be registered and logged in to see this link.].
You can then use your mobile phone to connect to the server, via a specific URL ([You must be registered and logged in to see this link.]
When accessed, the above URL will reveal the wireless module's configuration file in the web browser, including the home WiFi network's SSID and PSK (Pre-Shared Key, a.k.a. password) in clear text.
Now, you just need to do is put the Smart doorbell back on the house's wall and disappear.
Since home WiFi networks have always been trusted by their owners who connect their devices to them, having access to this network, hackers can launch other malicious attacks against the victim's workstations, and other smart devices.
Researchers reported the security hole to Ring that resolved the issue via a firmware update released just two weeks after they were notified.