Video doorbells are supposed to make your home safer and more convenient, but what if they can be easily hacked by anyone nearby? This is the alarming scenario that Consumer Reports discovered during its investigation of several internet-connected video doorbells.
Consumer Reports found four security and privacy flaws in doorbells made by EKEN, a Chinese company that also sells them under other brands, such as Tuck. These devices were sold on online sites such as Walmart and Temu, until they were removed after the nonprofit alerted them. However, the cameras are still available on other sites such as Amazon, Sears and Shein.
Consumer Reports says EKEN did not respond to its emails reporting these issues or TechCrunch’s request for comment. Online marketplaces that still sell the cameras have also not commented on the matter.
Also read – Best connected doorbell: which model to choose?
What are the security vulnerabilities present in the cameras?
The most serious flaw is that anyone within range of an EKEN doorbell camera can take control of the device by simply holding the button for eight seconds. The camera then enters pairing mode, which allows the hacker to download the official app, called Aiwit, and scan the QR code displayed by the app with the camera.
In this waythe hacker can add the camera to their own account and access the live video feed, recorded clips and device settings. The original owner of the camera will only receive an email notification that their “Aiwit device has changed ownership”, but then it might be too late.
Other flaws are that the cameras expose owners’ IP addresses to the Internet, still images captured by cameras and the name of the local Wi-Fi network, without any encryption or password protection. This means that anyone intercepting the data can see where the camera is, what it sees and what network it connects to, which could lead to other attacks or invasions of privacy.
This study once again shows that consumers should be careful when purchasing internet-connected smart devices, especially if they are from unknown or cheap brands, as they may not have security measures in place and appropriate privacy protections.