Connected Ring Doorbells and Interphones of an Amazon subsidiary suffered a security breach. they could display, in plain text, the passwords of the home Wi-Ii networks to which they were connected.
To hack a Wi-Fi network, hackers have lot of options available ! They can use a bruteforce software to try combinations of passwords until they find the correct ones, or they can use a sniffing tool in order to capture traffic packet and decrypt the password from this endpoint, or they can try to infiltrate more finely the network, by targeting on a vulnerable connected object.
According to Bitdefender security researchers, whose conclusions have been relayed by the US site Techcrunch, connected doorbells of an Amazon subsidiary, offered this possibility. These bells have a camera and are placed near a front door to visually control visitors from inside.
To work, the phone app has to send the wireless network credentials when the device is being configured. The discovered vulnerability made it easy to display the password, and thus to be able to connect this home network. The main problem ? This same password was sent "plain-text" to the user's phone, and therefore without any protection, even though it should have been encrypted.
The password could easily be intercepted and then used to take control of the Wi-Fi network, or even access other connected objects related to the same network.
The entire operation is done on an unencrypted channel, exposing the key to malicious people. With security and pentesting suites such as Kali Linux, Parrot OS or BlackArch, even a non-specialized person can perform such attacks, including the famous script kiddies, young people eager to learn to do damage or illegal operations.
Connected objects are a gateway for hackers to hack into home Wi-Fi networks. In the past, a popular dashboard connected, which allowed to set a click each connected objects of the house, had paid for such a fault, also reported Techcrunch.
Amazon confirmed that the vulnerability had already been fixed a few months ago, and this vulnerability was only revealed yesterday. It is therefore unlikely that hackers have had the opportunity to exploit this vulnerability.
A REAL RISK
What must we remember from all this ? this shows that there is still much to do to improve the security of devices connected to home Wi-FI network. Although smart devices are designed to make our lives easier and our homes safer, researchers are constantly revealing bugs in their conception. It was reported last month that voice assistants allowed hackers to collect private conversations and passwords, and on the last tuesday that Alexa, Siri and Google Home can be hacked using lasers.