Amazon’s Ring Video Doorbell is a smart wireless home security doorbell camera that allows users to use to remotely control their doorbell.
Amazon’s Ring Video Doorbell allows users to interact with anyone on their property from a remote location, it is connected to the WiFi network and could be remotely controlled from a smartphone app.
In this phase, the device enables a built-in, unprotected wireless access point to allow the RING smartphone app to automatically connect to the doorbell.
The information shared between the Ring app and the doorbell, including the Wi-Fi password, is
A nearby attacker can connect to the same unprotected wireless access point and carry out a MiTM attack to steal the users’ Wi-Fi password.
Of course, this attack is feasible only during the setup phase, but experts explained that it is possible to trick victims into re-configuring the device.
This is possible for example by continuously sending de-authentication messages to Amazon’s Ring Video
Once the users attempt to re-configure the device, the attacker could capture the password sent in
The availability of the Wi-Fi password could allow attackers to launch several attacks, such as interacting with devices within the household network (i.g.
Below the timeline for the vulnerability: