This wildly unsafe video doorbell is still for sale on Amazon – here’s what you should know

In a recently published article, Consumer Reports (CR) is warning people of a faulty video doorbell being sold on Amazon that can be easily commandeered by a total stranger.

The device itself doesn’t have a specific name as it’s sold under different brand names across multiple commerce platforms; not just Amazon. These names include Fishbot, Gemee, Luckwolf, Rakeblue, and Tuck. It doesn’t matter where or from whom you buy the doorbell since they can all be controlled by the Aiwit app which itself is owned by Chinese electronics company Eken. CR, as part of its investigation, bought the device and had a couple of staff members test its security. Needless to say, it’s really bad. All a bad actor needs to take over Eken’s product is to have Aiwit’s app installed on their smartphone. 

Bad security

According to their findings, a random person can walk up to a target’s house, “hold down the doorbell button to put it into pairing mode”, then connect it to their phone’s Wi-Fi hotspot and take complete control. What’s even scary is gaining access allows strangers to see the doorbell’s serial number. With that number, they can remotely view still images from the source video feed at any time. If that wasn’t enough, the pictures are time stamped so they know exactly when someone leaves and comes back to their home.

The security issues don’t stop there. These doorbells actually “expose your home IP address and” the name of your Wi-Fi network to the internet without any sort of encryption attached. Serial numbers can be shared with others online, giving those people access as well. CR points out that the devices “lack a visible ID issued by the Federal Communications Commission (FCC)”. Without this label, it’s actually illegal to sell the product in the United States.

What’s particularly egregious is Eken’s doorbell was given Amazon’s Choice badge, meaning it gets promoted by the platform as a high-quality item.

Following the investigation, CR reached out to multiple platforms informing them of the faulty doorbell. Few responded; one of which was Walmart who told the publication that they’ve removed the product from their website with no plans on bringing it back. Amazon, on the other hand, is staying quiet. They were still selling the device at the time of this writing. Consumer Reports even contacted Eken, but, they were met with radio silence. TechRadar also contacted Amazon and will update this story with its response.

It’s worth mentioning Eken sells indoor cameras, although it’s unknown if these have the same vulnerabilities too. CR told TheVerge that they haven’t tested the other models nor does it appear that Aiwit servers have any sort of defense from would-be hackers. Anybody can send in a ton of requests and seemingly gain entry to people’s feed without much pushback.

Consumer Reports is recommending current owners immediately disconnect the Eken video doorbell from their Wi-Fi and remove it from their door. They’re also asking online retailers to be more proactive in ensuring the quality of the items they sell.

If you’re looking for other options, check out TechRadar’s list of the best video doorbell for 2024.

You might also like

Source link

Technology

gaitQ and machineMD secure million dollar research grant to monitor Parkinson’s development in UK and Switzerland

Oxford-based medical technology start-up gaitQ and Swiss medical device company machineMD have announced the joint award of a million dollar research grant from Innovate UK and Innosuisse to enable the collection and analysis of critical movement data from people with Parkinson’s (PwP). The grant will fund an 18-month research project that will record movement data […]

Read More
Technology

Take-Two plans to lay off 5 percent of its employees by the end of 2024

Take-Two Interactive plans to lay off 5 percent of its workforce, or about 600 employees, by the end of the year, as reported in an SEC filing Tuesday. The studio is also canceling several in-development projects. These moves are expected to cost $160 million to $200 million to implement, and should result in $165 million […]

Read More
Technology

10 tips to avoid planting AI timebombs in your organization

At the recent HIMSS Global Health Conference & Exhibition in Orlando, I delivered a talk focused on protecting against some of the pitfalls of artificial intelligence in healthcare. The objective was to encourage healthcare professionals to think deeply about the realities of AI transformation, while providing them with real-world examples of how to proceed safely […]

Read More