Ring, formerly known as Doorbot, has been around for quite some time. It’s a smart doorbell that lets your monitor and even respond by voice to visitors at your door. Some consider it to be one of the few Internet of Things devices that makes a lot of sense and can be considered really beneficial to an automated home. However, while Ring might protect your door and your house, it might not be doing the same for your home Wi-Fi network, potentially exposing home owners to hacking.
The problem with Ring is that its software was strangely designed to make it so easy to get the Wi-Fi network’s credentials. The door mounting has a conspicuous orange button that turns Ring’s Wi-Fi module into AP mode, which means that computers can connect to it like a hotspot. Once that’s accomplished, however, visiting a simple URL will immediately display the Wi-Fi SSID as well as its password in plain text for anyone to see. And once those have been pilfered, hackers can easily get access to that Wi-Fi connection to do real damage.
At this point, some might argue that the culprits would need physical access to the doorbell first in order to start this process. And therein lies another problem with Ring. It is actually easy to unscrew from its mounting, which seems pretty ironic for a security camera. Of course, it’s not like you can just walk up to it and steal it without your mug getting captured on video, but it can be done with some creative applied in less constructive fashion.
Fortunately, the story doesn’t end there. Ring was notified privately of the exploit before Pen Test Partners, who broke the story, went public. That gave Ring enough time to make a fix available. Upgrading the doorbell’s firmware will now ensure that those Wi-Fi credentials won’t be so easy to decipher. Sadly, there can be no easy software fix for Ring’s hardware design.
SOURCE: Pen Test Partners