Blog: How-Tos

Steal your Wi-Fi key from your doorbell? IoT WTF! UPDATE

Ken Munro 12 Jan 2016

After The Register ran a story about our research on the Ring doorbell earlier today, based on our blog post, we thought it worth mentioning some other items that didn’t make it to press.

The first is the strange case of the shifting firmware update date.

True or false?

In our early email and Twitter DM conversations with the engineers at Ring (a very helpful and straightforward bunch of people BTW) we first made them aware of the issue and were on hand as they put the update together.

According to them on 14th December 2015 “…we have resolved it (with our next firmware)..”. So, thankfully they fixed it quickly with a December/January firmware update.

…well, not according to their PR people “This security vulnerability was remedied with Ring’s firmware update 1.5 on August 11, 2015. Ring is now on firmware version 1.6.”

I’ll leave you to make up your mind which one rings true (see what I did there?).

We know where you are

The other update on this story is the information we discovered using wigle.net. Similar
to our iKettle findings we found that it’s possible to geolocate where in the world an unconfigured Ring doorbell is.

ringdist

Really!?

Advice

If you buy a Ring doorbell we advise that you set it up immediately.

Don’t leave it lying around in a charged and unconfigured state like the users identified by war drivers on wigle.net have.