January 15, 2016

Ring is a Wi-Fi doorbell that sends a message to a user’s mobile device when someone approaches the doorbell. It can also be used to lock and unlock the door to the user’s house.

Researchers at Pen Test Partners have found that Ring had very insufficient security measures. The orange setup button to the device was easily accessible, the only thing protecting it was a back plate and two standard screws. After removing the back plate, the team pushed the setup button on the back of the device and discovered that the doorbell’s wireless module automatically went into Access Point mode. Next the team found that they could communicate with the server and were able to get the Wi-Fi SSID and pre-shared key (PSK).

Ring responded to the vulnerability report a few minutes after being submitted and issued a patch 2 weeks later. In a statement Ring said “This security vulnerability was remedied with Ring’s firmware update 1.5 on August 11, 2015. Ring is now on firmware version 1.6. Every time Ring is activated, whether with motion or a doorbell ring, it automatically searches for available firmware updates.”

If you are unsure of which version is being run, you can go to Settings in the app and check which firmware you are running there.

Leave a Reply

Your email address will not be published. Required fields are marked *