Ring has extruded a solution to a security issue in the configuration code for its Internet-connected home security products. Bitdefender researchers alerted Ring in June about an error in the Ring Video Doorbell Pro cameras software that allowed wireless listeners to grab customers' Wi-Fi credentials during device installation – because those credentials were sent over an unsecured Wi -Fi connection to the device using unencrypted HTTP.
In a report on the bug released yesterday as part of a coordinated disclosure with Ring, Bitdefender researchers explained that when customers configured a Ring Video Doorbell Pro out of the box:
… the smartphone app [for Ring] must send the wireless network. When you enter configuration mode, the device creates a password-free access point (the SSID contains the last three bytes from the MAC address). When this network is connected, the app automatically connects to it, prompts the device, and then sends the credentials to the local network. All these exchanges are done through regular HTTP. This means that the credentials will be exposed to all eavesdroppers nearby.
An attacker could take advantage of this error by forcing a victim to configure the doorbell. The attacker could use a Wi-Fi deauthorization ("deauth") attack on the device to get it back into configuration mode and be able to use a malicious Wi-Fi device to get the ring port off the network.
the owner must then note that the doorbell is disconnected, which may require the attacker or someone else to ring the doorbell before the targeted owner realizes that the doorbell is disengaged. When the doorbell is reset in configuration mode, the app will offer to connect the doorbell to the Wi-Fi network – and then send the logon information to the doorbell in an HTTP message encoded in XML.
The attacker would then be able to connect to the victim's home Wi-Fi network if no other security measures are in place to stop them (such as whitelisting or Wi-Fi network partitioning).
All affected devices should now be patched, according to Ring and Bitdefender. But this is another example of why "Internet of Things" device owners should consider using Wi-Fi routers capable of segmenting networks or offering "guest" Wi-Fi networks that only restrict access from connected devices to the Internet. And beauty attacks can still be used to turn these devices offline – so a burglar or "porch pirate" can cover their tracks by disabling video footage.