Join or Sign in

Register for your free membership or if you are already a member,
sign in using your preferred method below.

To check your latest product inquiries, manage newsletter preference, update personal / company profile, or download member-exclusive reports, log in to your account now!
Login asmag.comMember Registration

Smart doorbell vulnerabilities are more severe than we thought

Smart doorbell vulnerabilities are more severe than we thought
New research shows many smart doorbells in the market are vulnerable to hackers. Here, experts provide suggestions on how to ensure your home is protected.
One of the most popular smart home devices today is a smart doorbell, especially because some of the largest technology companies have invested in it and offer attractive options to customers. But recent research has shown that many of those devices available in the market today are vulnerable to hackers. A report from NCC Group, published last month, showed that many of the smart doorbells the firm tested showed a number of issues, pointing towards a "poor approach to developing secure IoT devices." spoke to Matt Lewis, the NCC Group's research director, to understand more about these threats and how customers and systems integrators can ensure their smart doorbells are secure.

Related: Top smart doorbells for residential and SMB security

Smart doorbell cybersecurity threats

NCC's research discovered a number of security issues across commonly used hardware, associated applications, and servers that stream and transfer data from smart doorbells. This included a number of issues within the applications associated with the devices, including inadequate access controls on the backend services communicating with the doorbells and mobile applications. 

"One particular device was found to be handling privileged API requests without any authentication, potentially enabling the user's settings to be modified, such as changing the ring volume of their doorbell or allowing access to guessable file names of images captured and uploaded by the doorbell," Lewis explained. "Another concerning finding we uncovered included the transfer of unencrypted sensitive data, including the Wi-Fi network name and password, to servers outside of the UK and Europe. While not all devices transferred sensitive data, the worry here was that a majority were, and this information could pose a serious risk to a consumer's entire home network." 

How to select a secure doorbell

Although it's difficult for an average customer to check the technology behind every smart doorbell in the market before making a purchase, they can take some necessary steps. Lewis suggests that before purchasing a smart doorbell, it's essential that consumers do their homework to ensure the device they are buying is safe and secure.  

"This includes checking for a basic internet presence, such as a vendor website, reading through customer reviews, and checking for product literature that highlights the security measures implemented," he added. "If it's not clear, don't buy it – it's not worth risking your privacy and the security of personal information."  

How to ensure secure installation of smart doorbell

Proper installation of the smart doorbell is as important as selecting the right product. In fact, IoT and smart devices are vulnerable to hackers in many instances just because customers fail to take some simple steps, like changing the default password.

"When installing smart doorbells, there are several things you can do to help protect your device and connected networks," Lewis continued. "First and foremost, you should change the default password of the device. And because everything is connected, it's also important to ensure that the Wi-Fi network your device connects to is secure." 

Once the device is in use, you should also try and keep on top of updates. We're used to our phones, laptops, and other devices updating automatically, but some require you to implement updates manually. When it comes to physical security, ensure that the device is mounted properly outside of your home.

"Our research found that all but one of the devices could easily be removed from their mounts," Lewis added. "While one device did have mechanisms to prevent removal, it was possible to quickly remove the batteries or power cable and disable the device. This means that a burglar or malicious actor could very easily steal the device, remove the SD card to view the recorded data, and copy the firmware." 

Securing a growing market

The popularity of smart doorbells is all set to increase in the coming years. According to IDC, the global market for smart home devices that include doorbells is expected to have risen over 4 percent in 2020, despite COVID-19 concerns. This may grow at a CAGR of 14 percent till 2024.

Cybersecurity of doorbells is a pressing issue for the industry as more and more customers purchase the solution, making them attractive targets for hackers. Creating more awareness about how to buy a smart doorbell and what best practices should be followed while installing it is essential to avoid untoward incidents.  
Subscribe to Newsletter
Stay updated with the latest trends and technologies in physical security

Share to: