Report: ‘Smart’ Doorbells Sold on Amazon, eBay Filled with Security Vulnerabilities

GettyImages-507239738
Getty

A recent report states that a number of “smart” doorbells featuring microphones and cameras sold on Amazon and eBay come stocked with a number of security vulnerabilities.

CyberScoop reports that the U.K.-based security company NCC Group and consumer advocacy group Which? have discovered major security vulnerabilities in 11 “smart” doorbells sold on Amazon and eBay. One major flaw could allow a remote attacker to break into the owner’s wireless network by swiping login credentials while another critical bug could enable attackers to intercept and manipulate data on the network.

The investigation of the devices found that many doorbells made by obscure vendors that received top reviews on Amazon and eBay were extremely vulnerable. Researchers believe that many of the devices store sensitive data including location data and audio and video captured by the doorbell’s camera on insecure servers. One device made by a company named Victure sent a user’s wireless name and password, completely unencrypted, to servers in China, researchers reported.

Amazon said in a statement that it requires products sold on its site to be compliant with applicable laws and regulations and that it has tools to detect and prevent “unsafe or non-compliant products from being listed in our stores.” eBay said that it takes down listings that violate its safety standards but that the devices flagged by researchers did not meet the company’s threshold. A spokesperson for the doorbell manufacturer Victure denied that the company sent usernames and passwords to Chinese servers.

Matt Lewis, the research director of the project, said that his team’s findings indicate “a wider culture that favors shortcuts over security in the manufacturing process.” Other research found that home-networking devices ranging from routers to webcams also suffer from major security vulnerabilities.

Last week, the U.S. Congress passed long-awaited legislation that would set security requirements for Internet of Things (IoT) vendors that contract with the U.S. government.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.