
Ring Doorbell Vulnerability Exposes Wifi Password - kposehn
https://www.pentestpartners.com/blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/
======
metral
I thought I recognized the packaging. Turns out this was 'DoorBot' from Shark
Tank that got renamed to 'Ring.'

They ended up getting a $28MM investment from Richard Branson for a $60MM
valuation after getting a shoddy deal on the tank:
[http://www.businessinsider.com/ring-from-shark-tank-to-
richa...](http://www.businessinsider.com/ring-from-shark-tank-to-richard-
branson-2015-8)

Good on them.

~~~
mintplant
I'm surprised that they received such a negative reception on SharkTank.
Unlike most IoT products I've seen, this really seems like a great idea.

~~~
IshKebab
It's not a new idea though. There are a few other companies making the same
thing.

~~~
sithadmin
Ring pulls it off better, in my opinion. Installation is dead simple, the app
works fairly well, and the product is well-designed, all the way down to the
packaging/install kit.

I've tried a few other similar products and just haven't been nearly as
satisfied with the experiences (mostly due to software quirks).

Ring, like Nest, was simple enough that my technically inept parents managed
to deploy and use it without my intervention. That says a lot.

------
vortico
Interesting, if you place electronic hardware outside, thieves can steal
information from it!

~~~
6stringmerc
Soon it may be as easy as walking up to a mailbox for sensitive information or
lifting a package from a porch!

------
tzs
It would be interesting to do a similar device, but based around a peephole
rather than a doorbell. I'll call it Peep.

Peep will require a little more work to install than Ring, so won't be quite
as convenient.

You'd remove the existing peephole, and then attach Peep through the hole.
Peep would have an outside component that contains the camera, microphone, and
speaker, and an inside component that contains a display and the wifi unit.

The place where the outside component connects to the inside would be on the
inside, so from outside you can not simply detach the outside component like
you can with Ring.

The inside component would also contain a microphone and a vibration sensor,
so that it can tell when someone rings the doorbell or knocks on the door.

Although Peep installation would not be as easy as installing Ring, it
shouldn't be too bad since it reuses the peephole hole so you do not have to
make any new holes.

~~~
mmosta
Mount it on the inside, flush with the existing peep-hole + macro optics.

------
apress
Don't forget to scroll down to the end of the article. Spoiler alert: they
fixed it. "A firmware update was released earlier this week that fixes this
issue, just two weeks after we disclosed it to them privately. Good job Ring!"

------
Nutmog
It doesn't seem all that serious. If somebody's going to be removing parts of
your house, they're putting themselves are far greater risk of arrest than a
hacker hiding behind the internet. Why not just slash their tires or start a
fire while you're there? Even having the wifi password doesn't necessarily
give you access to anything but their internet connection anyway.

~~~
pbhjpbhj
Use wifi password to change nameservers on router (assuming router is using
default admin user:pass) find which online bank they're using and clone the
site's homepage with a passthrough form to steal credentials. Et cetera.

Seems useful to a crook.

------
DyslexicAtheist
not just a low-level exploit but an actual fatal design flaw. oops.

software engineers for IoT should really be forced to participate in security
training.

~~~
andrey-g
From this comment and the one about the memory wipe I get the feel that there
is a notion that hardware-based (anti-tampering) security is the only solution
to this problem.

Isn't a straightforward software solution is to make the PSK write-only or
protected by a different, changeable password?

------
Pietertje
Even from a theft perspecive it is bad design practise to have this placed
outdoor... Why not place only the camera and button outdoor and have a simple
wire connection to the wifi module.

It's such a design flaw it becomes even funny

~~~
halviti
Because 95+% of consumers would rather have something simple to install rather
than something that requires drilling holes in their house or professional
installation.

~~~
eterm
But presumably the existing doorbell would already have simple wires running
inside?

~~~
michaelmior
You can either wire it in to an old doorbell for power or you can disconnect
it periodically and recharge via USB.

------
adamrights
Seems like if they send the people a new device in the mail it would be more
valuable to see if the camera and other components were salvageable -- then I
could see people stealing them for pieces :/

------
michaelmior
What I'm curious to know: if you own the network, how hard is it to spoof a
response from the Ring server telling the doorbell to open the lock (Assuming
one is already configured).

------
landmark2
serious question: what would be a better way to store the wifi credentials
protected against the device theft?

~~~
gcb0
do what every lock do for the last century: do not leave screws outside.

further, I'd have one module inside the door, a little wire just connecting a
dumb button to the outside.

granted installation would require a single drill hole, but it wouldn't be a
huge fail like this.

~~~
wingerlang
But the module seems to have a camera.

~~~
TeMPOraL
Make it two drill holes then.

~~~
pbhjpbhj
Or just fit the camera in the bell push housing.

