11 smart doorbells purchased from online marketplaces have failed Which? security tests, in the latest example of smart products that could pose a risk to you and your home. These doorbells were found on eBay and Amazon, many of which had scores of 5-star reviews, were recommended as ‘Amazon’s Choice’, or on the bestseller list. One was labelled as the number one bestseller in ‘door viewers’, but vulnerabilities were found in every single one. Among the smart doorbells reviewed were the Victure Smart Video Doorbell Camera, Qihoo 360 D819 Smart Video Doorbell, Ctronics CT-WDB02 Wireless Video Doorbell, and an unbranded V5 Wifi Ring Doorbell.
The ongoing development of smart doorbells has introduced a new wave of cybersecurity risks. With research today showing flaws in the common models that people are purchasing and installing in their homes, namely around weak password policies and lack of data encryption, these seemingly harmless devices could become literal keys to peoples’ lives. If hacked, the doorbells could give criminals access to entire home networks and other smart devices, which hold huge swathes of potentially sensitive information. Or more simply, the criminals could seize control and switch off the device, which could leave houses vulnerable to intruders. Pending the UK government’s proposed legislation on the security of connected devices, device manufacturers should protect their customers by adhering to the UK government’s code of practice for IoT security.
As we enter the biggest buying season of the year, these smart devices will undoubtedly be a popular gift for many. It is therefore vital that consumers be made aware of these vulnerabilities and take all necessary precautions to keep themselves and their homes safe.
Smart doorbells may sound exciting, but they can often be more dangerous than you think. People tend to not think too much about the security of the smart devices in their homes, but you often get what you pay for. Cheaper devices can make sacrifices such as fewer updates or weaker password policies – if any – which weakens your home networks. Products that store data and footage on the cloud must be encrypted too, but this is something many people will not check – wrongly assuming these devices are protected from the moment they are out of the box.
It is vital that you research and protect any device you let into your home and connect to the internet, or you risk allowing malicious actors into your network. Two factor authentication is a must with all IoT devices – and if a product does not offer 2FA capabilities, it is unlikely to have your privacy or best interests at heart.