Researchers discovered a vulnerability in the Ring doorbell that could allow hackers to send fake images into the video feed, or even eavesdrop on video and audio as it is broadcast.
Dojo by BullGuard discovered that if the right techniques were utilized, a hacker with access to incoming data packets could have listened in on the live feed, as well as sent data into the feed before it reached the app. That method could send fake images to a homeowner so that they would be prompted to unlock the door.
The company has since patched the vulnerability in its latest update, but users running older versions of the app could still be at risk.
This isn’t the first time security issues have come to light with Ring. Earlier this year there were reports that Ring employees were able to watch customers’ videos, but the company denied that accusation. And last May, it was revealed that Ring allowed password changes and never signed you out after a user logged in one time, while in March 2017, some customers discovered that their doorbells were sending data to a server run by Chinese search engine company Baidu.
Amazon bought Ring last year in a deal that was estimated to be worth more than $1 billion. When confirming the acquisition at the time, a Ring spokesperson said the company will “be able to achieve even more by partnering with an inventive, customer-centric company like Amazon. We look forward to being a part of the Amazon team as we work toward our vision for safer neighborhoods.”
The deal made sense for the eCommerce giant, who has been expanding into the home security market. In fact, in April it launched a home security service in select cities around the country, offering that includes a consultant who will help with the installation of the smart home equipment Amazon is selling.