In a recently pushed patch, Ring Doorbell has fixed a security risk in its own products – because hackers can use the vulnerability to launch attacks that inject fake image content into the video source. It should be noted that although Ring will periodically release repair firmware, customers who use the old version of the Ring application are still exposed to this risk.
In a report released, the researchers at Dojo by BullGuard disclosed details about the vulnerability. With the appropriate technical means, anyone who has access to incoming data packets could have listened in on the live feed, which was not robustly encrypted.
The problem is that the solution used by Ring does not reference strong encryption. Hackers who have access to the target Wi-Fi can even inject fake content into the message stream before the data reaches the App. As an example, an attacker can exploit the vulnerability and send a tampered image to the homeowner to trick him into unlocking the door.
Of course, this is not the first time we have heard about security vulnerabilities in Ring devices. Earlier this year, there have been reports Ring allows customers to watch their employees video. For this matter, the company refused the media’s request for comment but claimed that it would not be exposed on the official website and would use other security measures to protect the user’s data security.