Boss Digital

Consumer Reports finds dangerous security vulnerabilities in cheap doorbell cameras


Facepalm: Consumer Reports delivers investigative reports and tests mass-manufactured products, providing advice and documentation on how consumers can protect their rights. The latest CR report focuses on doorbell cameras, and the findings couldn’t be worse.

Consumer Reports investigated inexpensive doorbell cameras, revealing that they are plagued by “terrible” security practices and are essentially all produced by the same Chinese company. These devices are being sold on digital marketplaces such as Amazon, Walmart, Temu, and others, and they have proven to be a highly popular product category.

CR examined video doorbells made by Eken and Tuck, discovering that they appear to be the same product sold under different brand names. These two “smart” cameras, along with “at least” 10 more identical video doorbells, are manufactured by the Shenzhen-based company Eken Group, and they can be controlled by a common mobile app (Aiwit), which was also developed by Eken.

The consumer organization found a significant number of security vulnerabilities with the doorbells. Major flaws include the unencrypted exposure of a user’s home IP address and Wi-Fi network name (SSID) over the internet, the ability for malicious actors to take over the devices by downloading the Aiwit app and entering pairing mode, and unauthenticated remote access to still images and video feeds of private dwellings.

The insecure cameras also lack a proper registration code, which, according to FCC regulations, must be visible on this class of products. Despite being considered second-rate products in the video doorbell market, Eken cameras are “relatively strong sellers” on online marketplaces. CR states that multiple listings on Amazon generated more than 4,200 sales in January 2024 alone.

CR’s director of tech policy, Justin Brookman, highlighted how both manufacturers and retail platforms are responsible for products that can harm consumers. Major ecommerce platforms need to do a better job of “vetting sellers and products” sold through their channels, Brookman said, and it has now become clear that new rules are required for holding online retailers accountable.

CR asked Eken Group some questions about its video doorbells, but the company didn’t provide any reply. The organization also reached out to online retailers, sharing the security vulnerabilities it found in the devices. Temu said that all the doorbells using the Aiwit platform were removed from its website, while Walmart only promised to do so. Amazon, Sears, and other retailers didn’t provide any answers.



Source link

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top