Some smart video doorbells have security flaws that allow hackers to take control of the camera simply by holding down a button.
The non-profit organization Consumer Reports has just released a detailed report of 4 security and privacy vulnerabilities in video doorbells branded EKEN, Tuck, Fishbot, Rakeblue… manufactured by EKEN – a company based in China. – manufacture.
With relatively cheap prices, they are available on electronic markets such as Walmart and Temu. However, after Consumer Reports contacted them to warn them about the vulnerability, they removed the above products from the market. Customers can still buy them elsewhere.
Doorbells manufactured by Chinese company EKEN contain serious security vulnerabilities. (Illustration photo: Shutterstock)
According to Consumer Reports, the most serious problem is that if someone is near the EKEN video doorbell, they can “take full control” of it by downloading the official Aiwit app and then putting the camera in pairing mode by holding doorbell button for 8 seconds. Aiwit’s app has more than 1 million downloads on Google Play, indicating widespread use.
At that point, the bad guy can create his own account on the app and scan the QR code generated by the app by placing it in front of the doorbell’s camera. This process allows them to add a doorbell to their account and “gain control of the device that was originally linked to the homeowner’s account”, according to Consumer Reports. However, once the setup process is finished, the video doorbell owner will receive a warning email “Aiwit device has changed ownership”, according to tests conducted by the organization.
Other issues highlighted were the doorbell transmitting the owner’s IP address over the Internet, transmitting still images captured by the camera, transmitting the unencrypted name of the local Wi-Fi network to which the doorbell connects via the Internet .
Consumer Reports said EKEN did not respond to their emails regarding these issues. EKEN also did not respond to a request for comment from TechCrunch.
Despite Consumer Reports’ warnings, video doorbells are still available on Amazon, Sears and Shein. According to Temu, after receiving the warning on February 5, they took immediate action and suspended the sale of Tuck and EKEN video doorbell models. With additional information received on February 28, Temu has removed all camera doorbells that use the Aiwit application from the platform.
Walmart spokesman John Forrest said the retailer has removed the EKEN and Tuck doorbells. However, Consumer Reports points out that similar doorbells are still available here.
According to TechCrunch, research once again shows that customers have no way of knowing whether Internet-connected smart devices have appropriate security and privacy measures in place. E-commerce marketplaces also don’t test what they sell, until someone from the outside, like Consumer Reports, reports the products as unsafe.
(Theo TechCrunch)
