A company that manufactures video doorbells found by Consumer Reports to contain serious security vulnerabilities has issued a fix, the consumer advocacy group is reporting.

Eken Group has issued a firmware update for the affected security products under its own name, as well as those from other brands it has licensing deals with, including Fishbot, Rakeblue, Tuck, and others. All the video doorbells use the Aiwit smartphone app and could be purchased from popular online retailers like Amazon, Shein, Temu, and Walmart.

Back in February, CR reported that it found vulnerabilities in Eken-produced video doorbells that “could allow a dangerous person to take control of the video doorbell on their target’s home.” Gaining access to the doorbell didn’t even require any level of hacking knowledge: bad actors could simply download the Aiwit app, go to their target’s home, and hold down the doorbell’s button to pair it with their own smartphones, change their Wi-Fi network, and take control of the device.

Additionally, anyone with the doorbell’s serial number could remotely view still images from the video feed — no password or account required, CR security experts found. Doorbell owners didn’t receive a notification of any kind if another user accessed their video feed in this manner. The doorbells also didn’t encrypt the user’s home IP address or Wi-Fi network, leaving both potentially exposed to criminals.

The doorbells that CR initially rated were sold under the brand names Eken and Tuck and seemed identical, down to them both requiring users to download the Aiwit smartphone app. The group later found 10 other seemingly identical doorbells made by Eken but sold under a number of different brand names.

CR has reviewed Eken’s firmware update and says the problem has been fixed. “While we would prefer that products be safe and secure from their initial launch, the ability of our testing to uncover vulnerabilities results in better products for consumers,” CR’s senior director of product testing, Maria Rerecich, said in its report.

As a result of CR’s reporting, the FCC has asked Amazon, Sears, Shein, Temu, and Walmart for more details about how they vet products sold on their platform. None of the five retailers have responded to CR’s request for comment on the matter.

Eken’s video doorbells also lacked Federal Communications Commission ID labels, which are required by law, CR found. The company has since added the FCC IDs to the electronic manuals for the doorbells.

Since CR published its February report, many of the Eken doorbells have been pulled from online retailers. Notably, a number of the doorbells were selected as Amazon: Overall Picks or with the Amazon’s Choice badge, a label with mysterious criteria that Amazon has refused to explain fully and can be found on many dubious products.

If you own an Eken-produced video doorbell, be sure to check if your firmware is up to date. Your doorbell should receive the update automatically, but it’s smart to double-check. Go to the “Devices” page on the Aiwit app and tap on the doorbell’s name, which should open up the settings. The firmware number should be 2.4.1 or higher, which indicates it’s up to date.

(Originally posted by Amrita Khalid)