Ring My Wi-Fi Bells

Hello everybody,

An IOT device known as the Ring Wi-Fi Doorbell that allows the person at the doorbell to be viewed through the internet, was found to have a vulnerability. This vulnerability if exploited can reveal the Wi-Fi password of the homeowner. Its easy to detach this doorbell and an orange button on the bell will set the wireless component to an Access Point mode when pressed.

When the doorbell is in the AP mode, an attacker can use their mobile device to connect to the server. Then use a specific URL to gain access to the homeowner’s wireless network. The URL will display  the wireless module’s configuration file in the browser that contains the home WiFi network SSID and password. Afterwards, the hackers can attach the doorbell again and go away.

That’s not all, Hackers can then initiate other exploits against the victim with access to their network.

The Ring has released a firmware update two weeks after the Pen Testers have privately advised of the flaw.

Now you can let it ring safely !

Source: Akati

Comments are closed.