331
Mozilla Foundation - Tell Amazon to Fix this Big Security Flaw in Ring Doorbells (foundation.mozilla.org)
submitted 1 year ago by otter@lemmy.ca to c/technology@lemmy.world
28 comments fedilink hide all child comments

Here is an article where you can read more: https://foundation.mozilla.org/en/blog/mozilla-publishes-ring-doorbell-vulnerability-following-amazons-apathy/

Quoted a portion:

(SAN FRANCISCO, CA | TUESDAY, JUNE 6, 2023) -- Today, Mozilla is publicizing a security vulnerability in Amazon’s Ring Wireless Video Doorbell. Mozilla shared the vulnerability with Amazon over 90 days ago, but Amazon has yet to address the issue. Now, per industry standards, Mozilla is sharing its findings publicly to alert Ring Doorbell users and to further pressure Amazon to take action.

Following a penetration test of the Ring Doorbell conducted in October-November 2022, Mozilla and collaborator Cure53 determined that the device is vulnerable to Wi-Fi deauthentication attacks. Bad actors can leverage these weaknesses to disconnect the device from the internet using easily-accessible tools.

As a result, those bad actors could take the doorbell offline and then have their activities go unrecorded — undermining the product’s core purpose. Even after the doorbell is reconnected to the internet, a user will receive no alert about the attack.

Mozilla’s disclosure comes just days after Ring’s $5.8 million settlement with the Federal Trade Commission (FTC) over other serious privacy and security issues. The FTC found that “Ring’s poor privacy and lax security let employees spy on customers through their cameras, including those in their bedrooms or bathrooms, and made customers' videos, including videos of kids, vulnerable to online attackers.”

you are viewing a single comment's thread
view the rest of the comments
[-] Salvo@aussie.zone 1 points 1 year ago

Not everyone has that luxury, even those who are technically capable of removing it.

I don’t want to get into an Apple/Google / Know-Your-Product debate, but how do you know you removed all the Google Crap?

You only way of knowing what is on your phone is if you start from scratch with something like Ubuntu Touch and compile from source; even then, how do you know the manufacturer doesn’t have an embedded “phone home” chip?

At some point you have to decide whether to avoid Crapware completely or go with just the crapware from someone you can trust.

[-] Engywuck@lemm.ee -1 points 1 year ago
  1. one can learn
  2. I can monitor DNS queries rom my own adblocker DNS server and all my DNS queries are forced through it. All other DNS servers includind DoT, DoH are blockes/redirected.
  3. See 2)
  4. A good start is to buy stuff you know you (almost) completely own. Thus, non-iStuff
this post was submitted on 05 Oct 2023
331 points (98.5% liked)

Technology

59312 readers
4650 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world