BOOK THIS SPACE FOR AD
ARTICLE ADConsumer Reports exposes security vulnerabilities in popular video doorbells allowing unauthorized access, stolen footage, and privacy risks. Learn how to protect your home from insecure devices.
The video doorbell market has been flooded with a wide variety of brands, devices, versions, and sellers, making it difficult for buyers to find safe and reliable products. To make it more complicated, according to a report by Consumer Reports (CR), these devices lack basic access controls in network traffic enabling strangers to freely access private video thumbnails.
Investigation
As per CR’s investigation, significant security vulnerabilities were identified in video doorbells potentially allowing attackers to gain unauthorized access to video footage, control doorbell functions, or even steal personal information.
It all started when a CR journalist received an email with grainy images of herself waving at a doorbell camera, sent by CR privacy and security test engineer Steve Blair after hacking into the doorbell from 2,923 miles away.
Blair and fellow test engineer Della Rocca probed further and discovered security flaws in cheap, insecure electronics from Chinese manufacturers sold on online marketplaces like Amazon, Walmart, Sears, and Shein.
The doorbells lacked a visible ID issued by the Federal Communications Commission (FCC), making them illegal to be distributed in the U.S. The researchers discovered security issues in video doorbells sold under Eken and Tuck brands, with at least 10 similar devices and all analyzed doorbells being controlled through an Eken-owned mobile app, Aiwit. Two products, sold under Fishbot and Rakeblue brands, showed similar vulnerabilities.
Eken and Tuck are strong sellers, with multiple listings on Amazon generating over 4,200 sales in January 2024 alone. The doorbells are also available on Walmart.com, sears.com, and global marketplaces Shein and Temu under different names like Andoe, Gemee, and Luckwolf.
Potential Dangers
Anyone with physical access can hijack the doorbell without needing advanced tools or hacking skills. They only have to download the app and pair the device to their phone to view the camera’s video feed indefinitely.
Threat actors can control doorbells to monitor family members’ movements and expose their IP addresses and WiFi network names without encryption. Poor security on company servers storing videos may further increase threats. The Aiwit smartphone app can pair doorbells with WiFi hotspots, allowing people to access video feeds without passwords or accounts. Stalkers/adversaries can identify device serial numbers and access still images from the video feed even if the original owner regains device control.
Justin Brookman, director of technology policy for CR, suggests that e-commerce platforms, particularly big names like Amazon, should take responsibility for the harm caused by their products. Eken, Tuck, Amazon, Walmart, Sears, Shein, Temu, and the Federal Trade Commission have been notified about the issues by CR.
Temu has now removed all doorbells made by Eken and its app from its website and Walmart stated items not meeting safety, reliability, and compliance standards will be removed and blocked, but CR found “similar-looking” doorbells still available on these platforms. Amazon, Sears, and Shein are yet to respond.
How to secure your doorbell camera?
Although, 100% security is a myth, here are some steps you can take to make sure your doorbell is protected from hackers and spying by third parties: