Amazon Patches Security Vulnerability in Ring Video Doorbell

Giulio Saggin
Tuesday 28 November 2023

A vulnerability in Amazon's Ring Video Doorbell Pro devices allowed attackers to gain unauthorised access to the user's Wi-Fi network credentials and other devices using the network.

During the early stages of configuration, the Ring Video Doorbell Pro smartphone app sends the user's wireless network credentials.

"This takes place in an unsecure manner, through an unprotected access point," said the Bitfinder researchers who discovered the flaw. "Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network."

All of this is done over plain, unencrypted HTTP, meaning the Wi-Fi details are exposed.

In order to access the Wi-Fi network, an attacker must trick the user into thinking their device is malfunctioning so that they reconfigure it. The user then has to repeat the authentication process and, in doing so, reveals their network details. One way of doing this is for the attacker to send multiple deauthentication messages, so the device is removed from the wireless network. When the authentication process is repeated, the plaintext details are exposed.

The flaw was discovered in June this year, at which time researchers alerted Amazon and requested a "secure communications channel". This was done via a PGP key and, after some back and forth between the two (including sending a report to Amazon's HackerOne bug bounty program), a partial fix was deployed on September 5. All Ring Doorbell Pro cameras have now received a security update to fix the issue.
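
The deauthentication step described above leaves a visible trace: a burst of deauthentication frames aimed at one device. The following sketch is an added example, not code from the researchers or from Amazon, showing how a defender could flag such a burst in wireless monitor logs. The record layout, MAC addresses, threshold and window are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

# Constructed sample records: (timestamp_ms, frame_type, transmitter, receiver).
# All MAC addresses are made up for illustration.
AP = "02:00:00:00:00:01"
DOORBELL = "02:00:00:00:00:aa"
LAPTOP = "02:00:00:00:00:bb"

SAMPLE_FRAMES = (
    # A single deauth is routine (roaming, power saving) and must not alert.
    [(0, "deauth", AP, LAPTOP)]
    # Twelve deauths to one device in under three seconds: the flood pattern.
    + [(10_000 + 200 * i, "deauth", AP, DOORBELL) for i in range(12)]
    + [(40_000, "beacon", AP, "ff:ff:ff:ff:ff:ff")]
)


def find_deauth_floods(frames, threshold=10, window_ms=5_000):
    """Return {receiver: timestamp_ms} for each device that received at least
    `threshold` deauthentication frames within `window_ms` milliseconds.
    The timestamp is the moment the threshold was first reached."""
    recent = defaultdict(deque)   # receiver -> timestamps inside the window
    flagged = {}
    for ts, frame_type, _tx, rx in sorted(frames):
        if frame_type != "deauth":
            continue
        seen = recent[rx]
        seen.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - seen[0] > window_ms:
            seen.popleft()
        if len(seen) >= threshold and rx not in flagged:
            flagged[rx] = ts
    return flagged


if __name__ == "__main__":
    for device, when in find_deauth_floods(SAMPLE_FRAMES).items():
        print(f"possible deauth flood against {device} at {when} ms")
```

An alert for a device that re-enters setup mode shortly afterwards is the combination worth investigating, since the attack relies on the user reconfiguring the doorbell.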
