Bitdefender discovered a high-severity security flaw in Amazon’s Ring Video Doorbell Pro devices that could allow nearby attackers to steal WiFi password.
Amazon’s Ring Video Doorbell is a smart wireless home security doorbell camera that allows users to use to remotely control their doorbell.
Amazon’s Ring Video Doorbell allows users to interact with anyone on their property from a remote location, it is connected to the WiFi network and could be remotely controlled from a smartphone app.

In this phase, the device enables a built-in, unprotected wireless access point to allow the RING smartphone app to automatically connect to the doorbell.

The information shared between the Ring app and the doorbell, including the Wi-Fi password, is
A nearby attacker can connect to the same unprotected wireless access point and carry out a MiTM attack to steal the users’ Wi-Fi password.
Of course, this attack is feasible only during the setup phase, but experts explained that it is possible to trick victims into re-configuring the device.
This is possible for example by continuously sending de-authentication messages to Amazon’s Ring Video
“
Once the users attempt to re-configure the device, the attacker could capture the password sent in

The availability of the Wi-Fi password could allow attackers to launch several attacks, such as interacting with devices within the household network (i.g.
Below the timeline for the vulnerability:
- Jun 20, 2019: Bitdefender makes first contact with Amazon and requests a secure communications channel for disclosure
- Jun 24, 2019: Vendor sends back requested PGP key;
Bitdefender sends vulnerability details over secure channel - Jul 16, 2019: Bitdefender is invited to send the report via the HackerOne bug bounty program
- Jul 18, 2019: HackerOne report is acknowledged and accepted
- Jul 30, 2019: Bitdefender requests an update from the vendor
- Aug 16, 2019: Vendor closes the report and marks it as a duplicate without saying whether a third party already reported this issue
- Sep 05, 2019: After some back and forth with the vendor, a fix is being partially deployed
- Nov 7, 2019: Coordinated responsible disclosure
|
(