Three-step hack reveals a home's WiFi password

Jan 12, 2016 16:59 GMT

Nobody expects their doorbell to reveal their home's WiFi password, but if you like filling your house with IoT things, then you should be prepared for such things to happen.

Ring is a modern Internet of Things (IoT) doorbell that connects to the homeowner's WiFi network and lets them see who's in front of the door via the Internet, from their mobile device. Optionally, the doorbell also lets the user open the door, but this requires a custom lock system installed in the door's frame.

Pen Test Partners, a company that specializes in tearing apart IoT devices, has taken a look at this doorbell and uncovered a flaw that reveals the homeowner's WiFi password.

As researchers explain, the doorbell, which is mounted on the outside of the house, can be detached from the wall by unscrewing two screws. On its back, there's an orange button that, when pressed, puts the doorbell's wireless component in AP (Access Point) mode.

Press button, access a link, get WiFi password. Done! You're a hacker!

The wireless module is manufactured by Gainspan and includes a built-in Web server.

Attackers can then use their mobile phone to connect to the server, via a specific URL. When accessed, this URL will spew out the wireless module's configuration file right in the browser, complete with the home WiFi network's SSID and PSK (Pre-Shared Key, a.k.a. password).

All that's left now is for an attacker to put the doorbell back on the house's exterior wall and disappear.

Home WiFi networks are always trusted by their owners, who often connect all kinds of devices to them. Having access to this network, attackers could launch other exploits against the victim's workstations, or other IoT devices.

Pen Test Partners reports that Ring's staff came up with a firmware update just two weeks after they were notified of this issue. Previously, Pen Test Partners researchers hacked smart fridges, water kettles, GoPro cameras, smart TVs, and even a BB-8 Star Wars toy.
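The flaw described above comes down to a setup-mode web page returning a stored secret to whoever asks. As an added illustration (not code from Ring, Gainspan or Pen Test Partners, and not the actual firmware fix), the C example below serialises a hypothetical config both ways and includes a regression check a firmware test suite could run; all field names and sample values are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical config model with constructed sample values; the key names
   are assumptions, not the Gainspan module's real format. */
struct cfg_field { const char *key; const char *value; int secret; };
static const struct cfg_field SAMPLE_CFG[] = {
    { "ssid", "HomeNet",            0 },
    { "psk",  "constructed-psk-01", 1 },   /* secret: must never leave the device */
    { "mode", "ap",                 0 },
};

/* Serialise the config for the setup-mode page. redact=0 reproduces the flawed
   behaviour; redact=1 only reports whether a secret is set. -1 on overflow. */
int dump_config(const struct cfg_field *f, size_t n, int redact,
                char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        const char *shown = f[i].value;
        if (f[i].secret && redact)
            shown = f[i].value[0] ? "<set>" : "<unset>";
        int w = snprintf(out + used, outlen - used, "%s=%s\n", f[i].key, shown);
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
    }
    return (int)used;
}

/* Regression check: 1 if any secret value appears verbatim in the output. */
int leaks_secret(const struct cfg_field *f, size_t n, const char *out)
{
    for (size_t i = 0; i < n; i++)
        if (f[i].secret && f[i].value[0] && strstr(out, f[i].value))
            return 1;
    return 0;
}

int main(void)
{
    char buf[128];
    size_t n = sizeof SAMPLE_CFG / sizeof SAMPLE_CFG[0];
    for (int redact = 0; redact <= 1; redact++)
        if (dump_config(SAMPLE_CFG, n, redact, buf, sizeof buf) > 0)
            printf("redact=%d leaks=%d\n%s", redact, leaks_secret(SAMPLE_CFG, n, buf), buf);
    return 0;
}
```

Treating the PSK as write-only means a device in setup mode can still accept new credentials without ever echoing the old ones back.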
