Thursday, February 28, 2019

Report: Ring Doorbell Vulnerability Allowed For Video Injection

Cybersecurity experts have uncovered a vulnerability--now patched--which would have allowed hackers to both view and inject their own video into the Ring Video Doorbell, developed by Santa Monica-based Ring. According to researchers, they were able to figure out a way where they were able to intercept audio and/or video footage from the Ring application, letting an attacker arbitrarily watch and listen to any Ring doorbell, and even allowed a hacker to inject their own video into the Ring's video stream. The vulnerability also would have allowed hackers to gather key information--household habits, names and details about family members, including children--for further exploit, according to those researchers. According to researchers, Ring patched the vulnerability in version 3.4.7 of the Ring app. Ring is now owned by Amazon.com. Update: In a statement, responding to the report, Ring said, "Customer trust is important to us and we take the security of our devices seriously. The issue in the Ring app was previously fixed and we always encourage customers to update their apps and phone operating systems to the latest versions."