A newly disclosed vulnerability in the Ring Doorbell lies between the cloud service and the mobile applications. The researchers who discovered it were able to manipulate the Ring Doorbell application into displaying an old recording of someone the user had previously talked to and let into their house, rather than the person who was actually standing at the doorbell. If the application user is home, the researchers were able to gain access to the application traffic by cracking weak encryption or exploiting another IoT device. If the user is not home, the attacker would be able to open a rogue Wi-Fi connection and wait for the victim to connect. Once the victim connects, the attacker would be able to capture data traffic. An attacker who decides to listen to the communication gains unauthorized access to potentially sensitive information shared with the Ring Doorbell application. The vulnerability could also allow the attacker to trick the user into letting an unknown person into their house, which could cause them to lose physical property.