USA TODAY International Edition
Doorbell security may not ring true
Without fix, system can open door to home Wi- Fi
Question: How can I tell if my Ring doorbell has the update that protects me from the latest vulnerability?
Answer: The Ring doorbell is an extremely popular device that millions of households around the world have installed for security purposes and because it’s so popular, it’s also the constant focus of security researchers.
In the most recent vulnerability, it was discovered to be possible for your Ring doorbell to broadcast the password for your Wi- Fi network in plain text ( http:// instead of https://), which could technically allow anyone nearby to capture it and access your home network.
Once a malicious user has access to your home network, they can potentially access sensitive information or other devices connected to your network.
This vulnerability was only possible during the initial setup process, but researchers pointed out that fake messages to the user could trick them into thinking that they needed to reconfigure their Ring device and it’s not hard to figure out which homes have the doorbell.
While from a technical standpoint this could have been a major issue, the likelihood that anyone that had the knowledge of how to exploit this hole would bother with such a random set of variables is pretty low.
This type of vulnerability is generally referred to as “proof of concept” when reported by researchers that can demonstrate it in a controlled laboratory setting that often has very little resemblance to real- world scenarios.
The patch
Despite the low likelihood of it being exploited, the researchers reported the issue to Ring before publicly disclosing the issue so the company could create and distribute a patch for the hole.
Updates to hardware are generally done through “firmware,” which is software specifically designed to control hardware devices.
Is my doorbell updated?
Ring doorbells are set up to automatically install updates, so your device should already be protected, but here’s how to check for yourself:
❚ Open the Ring app and select your Ring device.
❚ Click on “Device Health” near the bottom of the app.
❚ Under Device Details, find Firmware.
❚ If your firmware is up- to- date, it will say “Up to date.” If there is a number, your firmware needs to be updated.
When Ring devices are in the process of updating, the light surrounding the button on the device will generally be flashing, so when this is happening, make sure not to press the button.
What’s connected to my Wi- Fi?
This points out how any device you connect to your network can potentially be exploited to allow unauthorized users to access your entire network. Routinely checking to see what devices are connected to your network can be done easily with an app called Fing.