Amazon Patches Ring Video Doorbell Vulnerability That Could Allow Hackers to Breach Owner’s Wi-Fi Network

Computing:

Once the device is reset, it starts the process of pairing itself with the owner’s Wi-Fi network. Because the exchange of information between the device and the app is performed via an unsecured HTTP connection, it enables a hacker within range of the Wi-Fi network to intercept the login details.

The patch released by Ring to mitigate the vulnerability ensures that the device uses an HTTPS connection while broadcasting a Wi-Fi signal for the phone to grab. The connection is also secured through a digital certificate, signed by the firm and validated by the app.

Ring was using HTTP? That seems less like a mistake and more like gross incompetence.

Friday, 8 November 2019