Faulty video doorbells compromise home security
Video doorbells refine homes by remotely monitoring the entrance and alerting owners of potential intruders. Security advocates speak volumes about IoT security, but balancing products’ safety, convenience, and resilience is a challenge. Smart doorbells enhance physical control, give a sense of security and reassurance. However, they are susceptible to hacks and other pervasive digital threats.
A study of 24 doorbells reveal lack of security
As reported by ConsumerReports, video doorbells help evade porch pirates and burglars, but hackers might arrive at homeowners’ doorsteps instead. The researchers tested 24 smart doorbells to determine their resilience against separate privacy factors. Unfortunately, most models failed to perform to varying degrees, which should be an enlightening revelation for residents. While homeowners relish in a tranquil state, crooks can retrieve video footage taken by the doorbell camera. The issues detected vary from irresponsible and extensive data collection, vulnerabilities, and a lack of two-factor authentication.
Wireless doorbell cameras cater to one of the basic human needs: feeling safer at one’s home. According to market analysts, doorbells provide footage of residents’ front doors around-the-clock and play a central role in home security. The global video doorbell market size reached USD 1.4 billion in 2018. In 2020, its value surged to USD 1.83 billion. By 2025, researchers predict the market to arrive at USD 2.83 billion.
Main research findings
CustomerReports selected four video doorbell manufacturers with less than satisfactory privacy and security features. If you use Eufy, GoControl, LaView, or Netvue doorbells, follow update releases to see whether they provide adequate solutions. Overall, the researchers concluded these findings from the analysis:
- Smart doorbells do not support two-factor authentication (2FA). Many digital services offer its customers a chance to secure their accounts with temporary tokens. In addition to the typical combination of a password and username, people need external passcodes. Some of the tested models offered this security feature: August, Google Nest, Ring, SimpliSafe, and Arlo. However, these did not: Wisenet, Toucan, Blue by ADT, Eufy, GoControl, Geeni, Maximus, Netvue, LaView, Remo+, and Night Owl.
- Doorbell producers collect extensive amounts of clients’ data. Many manufacturers avoid providing full-disclosure on the data their products gather. As a result, the data-logging activities are too thorough, accumulating data unnecessary for doorbells to function. Another red-flag is data retention policies that vendors refuse to reveal publicly. However, some doorbell manufacturers received “very good” or “good” evaluations: Google Nest, LaView, Ring, August, Blue by ADT, SimpliSafe, and Wisenet.
- Some models contained flaws that facilitate unlawful exploitation. As a security precaution, researchers restrained from revealing too many details on specific vulnerabilities. In abstract terms, they all related to potential breaches of private data, including email addresses and passwords. The flawed models are GoControl, Eufy, LaView, and Netvue. The testers contacted these manufacturers and received varying responses. Eufy and Netvue reported plans to supply patches, while LaView disagreed with the severity of the detected bug.
How can you protect your video doorbell?
- Choose a reliable model. Like with any product, you should run a brief background check on the manufacturers. Pay attention to whether the company has suffered data breaches, or received negative feedback from customers.
- Replace default credentials. Your video doorbell arrives with credentials set by manufacturers. While it might be convenient to keep them around, you should change them regularly.
- Do not ignore firmware updates. Vendors release patches to solve bugs detected internally or externally (as in this case, via third-party reports). So, you should always track updates, or set them to occur automatically.
- Protect home networks. One of the simplest tricks to make your router more immune is to change its default credentials. This alteration includes regular updating of passwords and names. Additionally, you can set a separate network for your IoT devices. The instructions should be in the routers’ manuals. Another recommendation is to install a VPN on the router and to prevent eavesdroppers from stealing or monitoring footage or other private data. In fact, a VPN works on each internet-connected device as well. You can install this tool on your Windows or smartphone to keep all your communications encrypted and private.
Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.