The IT security of door bells equipped with cameras, which can be bought for comparatively little money on online shops is not doing well. This was the result of a test by the security company NCC. The identified weaknesses therefore range from log-in data that is firmly coded in the software. In some cases, the devices are delivered without current security updates being installed and long-standing errors being corrected.
Overall, the experts give the devices a bad rating, which equates to a nightmare in the field of the data security. The security problems beyond information leak is massive. In addition, some of the video bells turned out to be clones of the previous model, which not only took over its flaws, but also made them worse.
The smartphone apps for checking the door bells also rely on unencrypted communication, which makes life easy for cyber attackers. HTTPS was not enforced on some of the devices. “HTTPS was not enforced on a number of devices or did not even exist as a communication method for a number of mobile applications,” the analysis said.
So Many Opportunities To Attack
On the door bell device, the auditors came across an undocumented, functional DNS provider. In principle, this could simply be misused as an attack for the spread of malware. Current indications of such an active security gap could not be found. Another possible attack was the misuse of QR codes. According to the tests, a cyber attacker who has access to a user’s camera backup could also get their hands on the device’s QR code. The cyber attacker could decrypt it and read the information with a password. According to the researchers, the bell hardware is also often not securely attached. It was then easy to remove and hack it. The devices would usually sit loosely in a screwed or glued on bracket. They could be stolen within a few seconds. Only one of the camera networks had a pressure sensor, which triggered a warning if tampered with.