Prepare yourself for a new storm of cybersecurity trouble spots! Be prepared: there can be a catch to those enticingly low-cost smart doorbells that you can easily find on Amazon and other discount retailers. Researchers at Consumer Reports have uncovered startling safety flaws which make your home open to potential hackers.
The Consumer Reports journalist received an unsettling email with a picture of herself waving at her “secure” smart doorbell. As it happens, the message wasn’t sent by a fan, but rather by a CR test engineer demonstrating how easy it is for a hacker to have access to these devices.
The camera from your smart doorbell is often accessible to hackers, even if you notice a problem and try to take out the attacker. A colleague at Consumer Reports, located nearly 3,000 miles away, downloaded an image taken by a smart doorbell camera on CR journalist Stacey Higginbotham’s house.
These inexpensive smart doorbells are marketed under numerous generic brand names and share the same questionable smartphone app. Hackers only need to physically hit the doorbell’s button, link it with their phone, and presto! Instant access to your spying system. Wait, things get worse. They can keep taking time-stamped pictures of anybody is at your door without needing your password. Even when you believe they’re gone.
An issue with the Aiwit smartphone app, which consumers use to manage their Eken devices, was discovered by Consumer Reports. If a hacker has physical access to a weak smart doorbell, they can use the app to remotely access home security camera footage. Furthermore, that access cannot be simply removed by the doorbell’s owner.
To gain access, a hacker must first create an account on the Aiwit app and press the button on the targeted smart doorbell. Pressing the button causes the device to connect to a nearby Wi-Fi hotspot. The hacker can then use it to link the smart doorbell to their smartphone after that. Once the smart doorbell is associated, the hacker can access the recorded video through the Aiwit interface.
An alert is sent to the owner of an Eken smart doorbell when a hacker modifies its setup. They can erase the hacker’s phone thanks to this notification and stop unauthorized people from viewing the recording on the device. Nevertheless, malicious actors can still access the phone even after the user unlinks it.
Hackers can retrieve an Eken doorbell’s serial number via the Aiwit app if they take control of the device. Consumer Reports found that timestamped still photos from a doorbell can be accessed remotely using this series number. even after the malicious actor’s phone has been disconnected from the device.
Without an account or password, anyone can view photographs from a doorbell, according to Consumer Reports, and the owner won’t be notified when someone uses it. This implies that anybody who receives the doorbell’s serial number from a hacker will also be able to view the photographs from the doorbell.
Experts warn that this is not a common phenomenon. It is a component of the vast flow of defective, incredibly cheap electronics into the US from China. It is probably against the law to use many of these subpar doorbells as they do not have the FCC identification required for consumer electronics.
By alerting the FCC and all those retailers selling these slick doorbells, Consumer Reports has exposed this problem. However, in the meantime, the advice they’ve given is clear: unplug your extremely cheap smart doorbell from an unidentified brand as soon as possible, and remove it from your Wi-Fi network.
Large e-commerce companies frequently sell unlawful or harmful products without conducting enough safety checks, emphasizing the importance of exercising caution when making these types of purchases. Remember that the seemingly great price may come at a significant cost. Choosing a somewhat more expensive doorbell from a reliable company may save you a lot of hassle and the risk of hacks.
Privacy should never be sacrificed; it is a necessity, not a luxury!