ITProPortal – by Timur Yunusov
There is no irony lost in the fact that smart home security cameras and video doorbells can be easily hacked. Few who watched the footage of a voice telling a child—alone in her room—that he was Santa Claus will forget the strange conversation and music the invisible intruder played while telling her she should mess up her room and break the TV. That is just one of the many terrifying scenarios that have transpired in the years since Internet of Things (IoT) home devices and appliances were introduced to consumers. As new technologies continue to emerge, safety often takes a back seat to speed-to-market timelines and budgets, which likely do not prioritize hardening security during the development cycle. But security or lack of it comes with a much bigger price tag—usually to the customer before it impacts the enterprise.
Recent research was done on a smart doorbell with a camera that offers an app through which the user controls it. As soon as someone rings the doorbell, the app sends a notification along with a photo, or in some cases, a video. The user can talk to the visitor in real time or via a pre-recorded message. This doorbell can also connect to common house control hubs. From the very beginning, insecurity issues were found. At the first connection, for instance, the device checks for firmware updates. However, even with the presence of SSL communications, it was easy to apply a "man-in-the-middle" attack. This kind of attack enabled direct access to the firmware inside the device, which was void of any digital signatures or encryption, thus making it easy to install modifications that gave full access to the device within a few days.