Warning: Eken Doorbells Vulnerable to Hackers
Researchers at Consumer Reports (CR) have uncovered vulnerabilities in video doorbells manufactured by China’s Eken Group Ltd. The company, which produces devices under the EKEN and Tuck brand names, distributes its products through major retail networks, including Amazon, Walmart, Shein, Sears, and Temu.
These security flaws could potentially allow an attacker to view video footage from the devices or gain complete control over them. Exploiting these vulnerabilities, an assailant could create an account in the application and access the nearest camera doorbell, linking it to another device. Consequently, the cybercriminal could review recorded material and even lock the device owner’s doors.
CR discovered that at least ten identical video doorbells, sold in the USA under various trademarks, are controlled through the same mobile application, Aiwit, provided by Eken.
Researchers purchased two video doorbells sold under the Fishbot and Rakeblue brands and found both devices susceptible to the same vulnerabilities. Owners of such cameras face harassment and can be subjected to surveillance through phones, online platforms, and connected devices.
Some analyzed doorbells also lack a visible identifier issued by the Federal Communications Commission (FCC), a mandatory requirement for sale in the USA. Walmart has removed the defective products from its catalog and offered compensation to customers who purchased the devices.
CR emphasized that major retailers, such as Amazon, need to assume greater responsibility for the harm caused by the products they sell. These trading networks could do much more to thoroughly vet sellers and respond to complaints. Currently, it appears that the networks are risking their reputation and burdening unsuspecting consumers with substandard products.