During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This then allows the hacker to sniff the packets and find out the sensitive data it needs to connect to the user’s WiFi.
Once in possession of a user’s WiFi password, an attacker has full access to the network. And it’s no secret that an internal network can be very lax. In fact, many devices such as Smart TVs allow interaction without any authentication whatsoever – even if a device was under attack, there is no trace left and users will have no idea they were even a victim.
Examples of possible things an attacker might do without your knowledge:
- Interact with all devices within the household network
- Intercept network traffic and run ‘man-in-the-middle’ attacks
- Access local storage (NAS drives, for example) and subsequently access private photos, videos and other types of information
- Exploiting vulnerabilities and gaining access to other devices connected to the local network, that may lead to reading emails and private conversations
- Get access to security cameras to steal video recordings
Find the full Bitdefender Ring Doorbell Pro report
https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf
https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf
