X

Ring's smart doorbell can leave your house vulnerable to hacks

The $199 Ring Video Doorbell may be "smarter" than your average buzzer, but a major vulnerability can leave your Wi-Fi network wide open to hackers.

Megan Wollerton Former Senior Writer/Editor
2 min read
ringvideodoorbell-product-photos-1.jpg

The Ring Video Doorbell.

Tyler Lizenby/CNET

Pen Test Partners, a limited liability partnership (LLP) that assesses computer systems, apps and more for potential network security vulnerabilities, took a close look at the Ring Video Doorbell recently and found a serious flaw for hackers to exploit.

The team of testers says Ring has already addressed the issue via a firmware update (Ring also confirmed the updated in a post on its own website today), but it's still interesting to look at how hackers are trying to circumvent smart-home security protocols to access Wi-Fi networks.

Watch this: SkyBell's HD buzzer makes your front door smarter

We actually reviewed the Ring Video Doorbell back in 2014. A $199 Wi-Fi-enabled buzzer that can either be hardwired or installed wire-free (thanks to its built-in rechargeable battery), Ring sends out a push notification whenever someone "rings" your doorbell -- or simply walks within range of the motion sensor.

Ring performed pretty well in our tests, but it isn't exactly a unique product; SkyBell, DoorBird and August's upcoming connected doorbell cam all offer similar features, but its setup does set it apart.

ringvideodoorbell-product-photos-1.jpg
Enlarge Image
ringvideodoorbell-product-photos-1.jpg

That orange "set up" button on the back of your Ring could be leaving you vulnerable to hackers.

Tyler Lizenby/CNET

According to Pen Test Partners, the orange button on the back of every Ring Video Doorbell (pictured above) -- which you use during the configuration process to connect to your local Wi-Fi network -- was the source of the problem.

Because Ring doorbells are only secured to your door frame with a couple of screws, it's pretty easy to access the back of the unit. And, if a hacker were to press that orange button, they'd be able to get their hands on all sorts of Wi-Fi goodies.

Specifically, Ring units are equipped with Gainspan wireless modules and pressing the orange configuration button puts it into access point (AP) mode. Once that access point is created, hackers can supposedly retrieve the MAC address and Gainspan's HTTP server.

Ring says its customers needn't worry: "No hacks took place. It is highly unlikely that someone would be able to execute the "hack" explained by Pen Test Partners. If they were to try, don't forget that the user would likely have a recording of the person," a Ring representative told me today.

Even so, it would be pretty easy to get all alarmist about Ring's security. But, the Internet of Things is full of connected devices -- Wi-Fi-enabled or otherwise -- that also have some degree of hackability. We've seen it in everything from security cameras to locks and more. A good rule of thumb to help protect yourself, and this applies to products in any tech category, is to check often to make sure your software is current.