Skip to content
Thoughtful, detailed coverage of everything Apple for 29 years
and the TidBITS Content Network for Apple professionals
2 comments

Amazon’s Ring Doorbells Sent Wi-Fi Passwords in the Clear

Earlier this year, researchers at the cybersecurity firm Bitdefender discovered that Amazon’s Ring doorbells were sending Wi-Fi network passwords in cleartext over the local network. A nearby attacker could have intercepted the Wi-Fi network’s password and used it to access the homeowner’s network. The likelihood of this happening was low, and Amazon fixed the vulnerability in September 2019, but the larger concern is that poorly programmed Internet of Things devices may inadvertently be exposing our Wi-Fi traffic.

A Ring doorbell with the Wi-Fi symbol

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 29 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About Amazon’s Ring Doorbells Sent Wi-Fi Passwords in the Clear

Notable Replies

  1. The likelihood of this happening was low

    How is that? Seems very possible that this could happen and that people cruise the 'burbs looking for easy pickens just like this!

  2. The password was transmitted in the clear only during setup, so the attacker would have to be in the right place at the right time to get it on initial setup. The subsequent attack was to force a disconnect, such that the user had to set the Ring doorbell up again, which would make the exposure window much more predictable. I doubt an attacker would cruise for such a thing—they’d set up automated gear in a nearby spot that was close enough, force the disconnect, and then wait.

Join the discussion in the TidBITS Discourse forum

Participants