Insecure IoT video doorbells


Software errors in IoT video doorbells can lead to unauthorized access and control. Developers, manufacturers and platform providers share a security obligation. 

Self-install video doorbells, such as those also used by SMEs that are always available, can be taken over by hackers. Errors in the development of the IoT systems then have unexpected consequences. Attacked systems may violate the very privacy that they are supposed to protect. Only the cooperation of security experts, platform developers and product manufacturers secures digital intercom systems.

Cloud-based video intercom

Users talk to visitors at the door via cloud-based video intercom systems such as LifeShield. When they are away, they can also rely on the live images from home, which are available everywhere. Such IoT offerings are also a potential target for cyber criminals. In order to close security gaps in its LifeShield systems, ADT recently patched 1,500 devices, according to Bitdefender's security experts. This shows the current dangers of such IoT devices, the security of which often leaves something to be desired.

Disclosed Risks in IoT Systems

Disclosure of the camera's administrator password

The doorbell identified itself to the central server using its MAC address. The cloud platform used a basic method to authenticate the doorbell. The user name was initially "camera0" and the password was given to the user when setting up the device. In the configuration phase, the server accepted and answered the associated messages. It ignored the authorization header because no password had been assigned yet. But even after the setup was completed and the access key was created, the server initially continued to respond to requests with incorrect access data and revealed the last known access data for the device. In the end, hackers needed only the MAC address of the camera to find out the administrator password for this doorbell.
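
The server-side flaw described above, as an added example that is not Bitdefender's or ADT's code: a flawed handler that finds a device by MAC address and answers with the stored credentials regardless of the authorization header, next to a hardened one. The handler names, record layout, MAC address and password are constructed assumptions, and HTTP Basic is assumed as the "basic method" the text mentions.

```python
import base64, binascii, hashlib, hmac, os

def parse_basic(header):
    """Return (user, password) from an HTTP Basic header, or None."""
    try:
        scheme, blob = (header or "").split(" ", 1)
        if scheme.lower() != "basic":
            return None
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
        return user, pw
    except (ValueError, binascii.Error):
        return None

# Flawed pattern from the text (hypothetical handler): the device is found by
# MAC alone and the reply carries the stored credentials even if auth is wrong.
def flawed_handler(devices, mac, auth_header):
    dev = devices.get(mac)
    if dev is None:
        return 404, {}
    return 200, {"user": dev["user"], "password": dev["password"]}

def provision(user, password):
    """Hardened record: store a salted PBKDF2 hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"user": user, "salt": salt, "hash": digest}

# Hardened pattern: every request must authenticate, unknown MACs and bad
# credentials get the same 401, and no response contains credential material.
def hardened_handler(devices, mac, auth_header):
    dev, creds = devices.get(mac), parse_basic(auth_header)
    if dev is None or creds is None:
        return 401, {}
    digest = hashlib.pbkdf2_hmac("sha256", creds[1].encode(), dev["salt"], 100_000)
    user_ok = hmac.compare_digest(creds[0].encode(), dev["user"].encode())
    if not (user_ok and hmac.compare_digest(digest, dev["hash"])):
        return 401, {}
    return 200, {"status": "ok"}

def basic(user, password):
    """Build a Basic Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample data: documentation-range MAC and a made-up password.
MAC = "00:00:5E:00:53:01"
FLAWED_DB = {MAC: {"user": "camera0", "password": "example-secret"}}
HARDENED_DB = {MAC: provision("camera0", "example-secret")}
```

Because the hardened record holds only a salted hash, even a handler bug could not return the password itself.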

Hostile takeover over the network

Bogdan Botezatu, Head of Threat Analysis at Bitdefender


An intelligent, cloud-based video doorbell is an interface to the Internet. Some of the functions of the web server, such as taking a snapshot or searching for information, did not require authentication. The administrator interface was protected by a password, but this could be found out as described in the previous paragraph. With this access data and via the interface, hackers could issue commands via command injection and gain root-level access.

Open RTSP servers

The doorbell camera transmits the images to a Real Time Streaming Protocol (RTSP) server via port 554. This path was not protected by any authentication. This enabled outsiders to play audio-video feeds with any compatible media player.

Such attacks are particularly dangerous in properties shared by many parties, such as small shops, buildings with shared apartments or many landlords, or shared offices. Here, other participants in the same wireless network and within range of the affected systems could eavesdrop on calls.

Smart Home IoT risk factor

Other vulnerabilities that have since been fixed demonstrate typical dangers posed by IoT in intelligent buildings:

  • A security update was due for the Ring Doorbell Pro cameras from Amazon as early as 2019 because the identity was verified at an access point via unencrypted HTTP. Hackers within range could have used this to spy on access data.
  • In 2020, experts found weak points in the August Smart Lock Pro smart door lock. They made it possible to steal a WLAN password, with all the associated possibilities such as memory access, espionage, and the theft of passwords, data or personal information for fraudulent purposes.
  • Lighting controlled via the cloud and automatic functions in intelligent buildings posed a further risk for homeowners. Hackers had the opportunity to control the firmware update process for intelligent sockets, light bulb holders and wall switches via the eWeLink platform and to install malicious updates. Again, an incorrectly designed process by which the server authenticated the switches was responsible. In the end, all the hacker needed was a valid ID number that the attacker could enter using any smartphone.

Such errors in development are common in the non-standardized IoT world. Security experts contact the manufacturer at an early stage, but manufacturers often respond only after a while and sometimes not at all - unlike in the cases presented here.

Any object with a connection to the Internet can in principle be hacked. Users should therefore strictly monitor IoT devices and isolate them as much as possible from local or guest networks - for example by using a dedicated SSID only for IoT hardware. Manufacturers increase security by automatically updating their systems. Users should also value this. IT security services and software should also scan IoT devices. Modern routers can thus protect private networks including IoT hardware.

