CNET también está disponible en español.

Ir a español

Don't show this again

iPhone 12 rumors Interstellar comet Borisov New Star Wars: The Rise of Skywalker clip Best Buy Apple sale Marvelous Mrs. Maisel Season 3 Best phones of 2019

Ring doorbells had vulnerability leaking Wi-Fi login info, researchers find

Amazon's video doorbell sees who's at your doorstep. For months, anyone on its open network could have seen your username and password.

Listen
- 02:12
how-to-ring-10

Ring video doorbells had a vulnerability that allowed hackers to view your Wi-Fi password.

Chris Monroe/CNET

People buy RIng's video doorbells to bring a sense of safety to their homes, but a software flaw left their network's security wide open, researchers said. The flaw, disclosed Thursday, would have allowed potential attackers to steal a Ring owner's Wi-Fi username and password, according to cybersecurity company Bitdefender

The security company first informed Ring's parent company about the issue in June, and released a fix for the vulnerability in an automatic update in September, the researchers said. 

Ring is a video doorbell company owned by Amazon, which bought it for $839 million in February 2018. It has partnered with at least 587 police departments across the country, offering law enforcement access to an impromptu surveillance network in residential neighborhoods. 

Privacy advocates have raised concerns about Ring's close ties to police, pointing out issues with civilian-backed surveillance, along with potential hacks on the internet-connected devices.

Now playing: Watch this: Police have your Ring footage. They're not the only ones...
2:13

This isn't the first time Ring has had a vulnerability in its video doorbells. In 2016, security researchers from Pen Ten Partners found flaws with Ring's doorbell that would allow potential hackers to steal Wi-Fi passwords. The company issued a fix, but that wasn't the end of the story. In February, security firm Dojo Bullguard hacked a Ring doorbell in real time at Mobile World Congress, allowing an attacker to view footage from the device's video feed. 

And now comes the vulnerability disclosed by Bitdefender on Thursday. 

"Customer trust is important to us and we take the security of our devices seriously. We rolled out an automatic security update addressing the issue, and it's since been patched," Ring said in a statement.

The vulnerability happens in the video doorbell's communications with Ring's app. When you first set up your Ring device, the app needs to send your Wi-Fi network's login information to the doorbell. 

It had been sending this sensitive information over an unencrypted network, which meant that anyone viewing that network could have seen your username and password for your Wi-Fi. The potential hacker would have to be within range of your Wi-Fi to carry out this attack.

While this attack can only take place during the video doorbell's setup process, a hacker could also send fake messages to the person to trick them into setting up the doorbell again, the researchers said.

Originally published Nov. 7, 7:01 a.m. PT.
Update, 10:47 a.m.: Includes comment from Ring.