The Amazon Ring doorbells have been found to expose WiFi network passwords to anyone with the know-how to obtain them who feels like it. According to TechCrunch, because the Amazon-owned Ring doorbell system was sending the owners' WiFi passwords in cleartext as the doorbell joins its local network, it allowed hackers to intercept the WiFi password and gain access to the network to launch larger attacks or to conduct surveillance.
Bitdefender, a global security technology company, found this out and said: “When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point. Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network.”
All of that was carried out through an unencrypted connection, which exposed the WiFi passwords that were sent through the air.
Amazon rectified this vulnerability in all Ring devices in September 2019, but they never disclosed said vulnerability – until now. This is another example of smart home devices suffering from issues regarding security. These devices are supposed to make our lives easier and homes more secure, however researchers continually find vulnerable aspects that allow them to gain access to the very thing they are supposedly designed to protect.
Earlier in 2019, a top-selling smart home hub allowed researchers to break into a person's home. This was done by simply triggering a smart lock to unbolt the door. Amazon is also under intense scrutiny because of how well Ring works with law enforcement departments. This can be found in different places on the Internet, including at Gizmodo. Ring is also bragging about how it had tracked millions of trick-or-treaters this past Halloween.