Why Your “Smart” Home May Not Be So Smart
Written by: Jack Loomis
We live in a technological age; everything that we do is either posted to the Internet intentionally – through things such as social media – or unintentionally through location services, web trackers, etc. Most of us disregard the latter as just “how it is now.” We tend to focus on the more positive aspects of living in an Internet of Things world. I can control the lights in my house through Google Home or Amazon Alexa. My refrigerator can tell me when I’m low on something that I normally have stocked. But what happens when the Internet of Things encompasses too many things?
The Ring doorbell has been a worldwide sensation. According to Fortune, in 2016 Ring had sold more than 50,000 units per month and grossing over $100 million in financing to keep producing the technology. I know countless family members who have purchased these and love them. It allows for an extra sense of comfort, security, and even humor (some of the videos/audio clips I’ve seen are truly hilarious).
All of that sounds great, so I’m sure you’re asking, “why is this a bad thing”? In most cases, it’s not. Most companies that produce IoT devices do as much as they can to prevent any cybersecurity threats from befalling them. The problem is, it’s not that simple. Just recently, an article was published proving a potentially very harmful vulnerability with these Ring doorbells. When the Ring is configured and operating normally, it does so in a very secure manner. It uses TLS encryption, Amazon Cloud APIs that are extremely secure, and essentially makes it impossible for any sort of man-in-the-middle attacks. They forgot about one key part of the process though: the initial configuration of the device. When you set up a Ring doorbell, you have to connect it to your home Wi-Fi network. In order to do this, Ring sent packets over an unsecured HTTP channel. This would allow a nearby attacker to easily see your home Wi-Fi name and password in plain-text. An attacker that can get onto your network can do some serious damage. It’s not just limited to using your bandwidth and getting free Internet.
The vulnerability has since been patched, and Ring has sent security updates to all of their devices. So again, you ask, “how does this affect me”? Well, maybe it doesn’t. Maybe you love your IoT devices, and you’ll never be dissuaded from them ever. To me though, I don’t see them as worth the risk. Call me paranoid, call me a conspiracy theorist, whatever. It’s a basic fundamental of cybersecurity that the more avenues you have open to the Internet, the more possibility there is of someone finding a vulnerability in it. The more smart light bulbs, Google Homes, Ring doorbells, etc. that are connected to your network, the more open you are to attacks. IoT is one of those things that seems wonderful until it isn’t. Personally, I’ll stick with flipping a light switch and turning on my own TV.
For more information, check out these articles:
Hashim, A. (2019, November 10). Vulnerability Found In Amazon’s Ring Video Doorbell. Retrieved from Latest Hacking News: https://latesthackingnews.com/2019/11/10/vulnerability-found-in-amazons-ring-video-doorbell/
Higginbotham, S. (2016, March 16). Video Doorbell Maker Scores $61.2 Million. Retrieved from Fortune: https://fortune.com/2016/03/16/ring-raises-61m-funding/