The ‘smart’ doorbells that can HELP burglars: Cut-price buzzers that are sold as offering security could let thieves into your home
- The devices can easily be switched off, stolen or hacked, an investigation found
- Which? tested 11 smart doorbells, discovering high-risk security issues in all
- Flaws included weak password policies and excessive collection of private data
Cheap versions of smart doorbells that are sold as offering security and peace of mind could let hackers and thieves into homes.
The devices, which generally include in-built cameras, can easily be switched off, stolen or hacked by criminals, a Which? investigation has found.
The consumer group tested 11 smart doorbells, including several that mimic market leaders such as Amazon’s Ring or Google Nest models.
Working with cyber security experts NCC Group, high-risk security issues were found in all of them.
Flaws included weak password policies, lack of data encryption and excessive collection of customers’ private information.
An investigation by Which? has revealed that many cheap versions of smart doorbells can easily be switched off, hacked or stolen by criminals [Stock image]
The Qihoo 360 Smart Video Doorbell, which was available on Amazon, was easy to steal as criminals could simply detach it from the wall with a standard sim card ejector tool included with all smartphones. It can then be reset and sold on.
Two devices, from Victure and Ctronics, had a ‘critical’ vulnerability that could allow criminals to steal the network password and use it to hack smart devices in the home.
The Victure Smart Video Doorbell, which Amazon labelled the number one ‘door viewer’ bestseller and had a review score of 4.3 out of 5 from over 1,000 ratings, was found to send customers’ home WiFi name and password unencrypted to servers in China.
A cartoon by Pugh for the Daily Mail
A doorbell listed on eBay had a flaw that takes it offline which could enable a criminal to stop it recording while they burgle the home.
Which? believes the two devices from Ctronics and Victure breach the General Data Protection Regulation and has reported them to the Information Commissioner’s Office.
Kate Bevan, of Which?, said: ‘Smart doorbells bring potential benefits, but also significant risks if they are poorly made and sold without any safety checks or monitoring.’
Amazon said: ‘We require all products to comply with applicable laws and regulations and have developed industry-leading tools to prevent unsafe or non-compliant products from being listed.’
While eBay said: ‘These listings do not violate our safety standards but represent technical product issues that should be addressed with the seller or manufacturer.’
Source: Read Full Article