==== Researchers discover high vulnerability of commonly used video doorbells to hacking

These doorbell cameras are, however, still available elsewhere. Consumer Reports says EKEN did not respond to their emails reporting these issues. Despite these flaws and Consumer Reports warning online marketplaces about them, the doorbells remain available for sale on Amazon, Sears, and Shein. But Consumer Reports claimed there are similar doorbells, likely whitelabels of EKEN doorbells, still available on Walmart. After TechCrunch shared five listings flagged by Consumer Reports with Walmart, Forrest said the company took down three of the five, while two had already been removed.

According to research conducted by non-profit organization Consumer Reports, several internet-connected doorbell cameras have a major security flaw. The flaw allows hackers to gain control of the camera with just the push of a button. The affected cameras are manufactured by EKEN, a company based in Shenzhen, China, but also branded as Tuck and other brands.

Upon publication of their research, Consumer Reports revealed four security and privacy issues with the EKEN cameras. These cameras, which are relatively inexpensive, were previously available for purchase on online marketplaces such as Walmart and Temu. However, following Consumer Report’s alert, these marketplaces removed the cameras from sale. Despite this, the cameras can still be found for sale elsewhere.

The most concerning problem highlighted by Consumer Reports is the ability for someone in close proximity to an EKEN doorbell camera to gain “full control” of it. This can be done simply by downloading the official app, Aiwit, and pressing the doorbell’s button for eight seconds to enter pairing mode. The app has over a million downloads on Google Play, indicating widespread use.

At that point, the malicious user can create their own account on the app, scan the QR code generated by the app by putting it in front of the doorbell’s camera. This lets the malicious user add the doorbell to their own account, giving them control over a device that was originally associated with the homeowner’s user account.

Although the owner of the camera will receive an email alerting them of ownership changes, the potential for harm is still high.

Consumer Reports also discovered additional concerns with the EKEN doorbells. The cameras broadcast the owner’s IP address, allowing anyone to view still images captured by the camera without needing a password. The doorbells also broadcast the unencrypted name of the local Wi-Fi network they are connected to, increasing the risk of unauthorized access.

Despite being made aware of these vulnerabilities, EKEN did not respond to Consumer Reports or TechCrunch’s request for comment.

While Consumer Reports alerted online marketplaces about these issues, some of them continue to sell the doorbells. This includes Amazon, Sears, and Shein, whose spokespeople did not respond to inquiries from TechCrunch regarding the matter.

Temu, a former seller of the doorbells, took immediate action after receiving alerts from Consumer Reports and suspended the sale of the identified models. However, Consumer Reports has found similar doorbells, likely whitelabels of EKEN, still available for purchase on Walmart’s website.

Following TechCrunch’s notification, Walmart removed three of the five flagged listings. This highlights the growing concern that consumers cannot trust online marketplaces to properly vet and regulate the safety and security of products they sell.

Once again, this research serves as a reminder that consumers have no way of knowing if internet-connected devices have appropriate privacy and security measures in place, and that it is essential for outside organizations like Consumer Reports to bring attention to these issues.

Avatar photo
Dylan Williams

Dylan Williams is a multimedia storyteller with a background in video production and graphic design. He has a knack for finding and sharing unique and visually striking stories from around the world.

Articles: 808

Leave a Reply

Your email address will not be published. Required fields are marked *