Smart doorbells continue to pose significant security risks
November 2020 by David Emm, Principal security Researcher at Kaspersky
Smart devices are being introduced to almost all aspects of people’s lives and homes - but with every new device comes a new way for cybercriminals to exploit those weaknesses. New research has found flaws in multiple smart doorbells, proving that even the simplest of devices can become entry points for criminals. Please find a comment below from David Emm, Principal Security Researcher at Kaspersky, where he urges all consumers to take the necessary precautions when implementing any smart devices with their homes.
David Emm, Principal Security Researcher at Kaspersky, said: “The ongoing development of smart doorbells has introduced a new wave of cybersecurity risks. With research today showing flaws in the common models that people are purchasing and installing in their homes, namely around weak password policies and lack of data encryption, these seemingly harmless devices could become literal keys to peoples’ lives. If hacked, the doorbells could give criminals access to entire home networks and other smart devices, which hold huge swathes of potentially sensitive information. Or more simply, the criminals could seize control and switch off the device, which could leave houses vulnerable to intruders. Pending the UK government’s proposed legislation on the security of connected devices, device manufacturers should protect their customers by adhering to the UK government’s code of practice for IoT security.
“As we enter the biggest buying season of the year, these smart devices will undoubtedly be a popular gift for many. It is therefore vital that consumers be made aware of these vulnerabilities and take all necessary precautions to keep themselves and their homes safe.
"So for anyone considering buying a smart doorbell, or indeed any smart device, the usual measures should be taken:
• Review privacy and security settings for any device you buy
• Update the default password, and enable two-factor authentication if this feature is provided
• Check that the product can be updated; and be sure to apply updates as soon as they are available
• Secure your Wi-Fi router with a strong password and WPA2 encryption.”