Case study: Amazon Ring's 1-way video doorbell sends audio and video in plaintext, meaning that anyone who intercepts the traffic can also see and hear the conversation.
It's one thing to have great home security with IoT devices, but you also need to make sure your security doesn't have a hole. Set it and forget it is a bad way to go unless it's bars over the windows, but that's not you or any of us if we can help it. We want the Internet of Things (IoT) to work for us in a positive way. That means the traffic from your security cameras, including your video doorbells, needs to be encrypted.
Also, for you parents of newborn babies, your baby monitor may be sending its unencrypted signal to anyone in radio range in your neighborhood, apartment complex or even the street. Yeah... that makes you think twice about the video monitor watching the baby.
Contact myTech.Today, today, to sort through your security cameras and all of the settings and configurations.
One Ring to rule them all, and in darkness bind them
Feb 27, 2019 | Posted by Or Cyngiser, Cyber Security Researcher
Plaintext transmission of audio/video footage to the Ring application allows for arbitrary surveillance and injection of counterfeit traffic, effectively compromising home security.
Today we focus on the Ring Doorbell, an Amazon-acquired home security device aimed at replacing the plain old doorbell. Its main feature is two-way communication between the smart doorbell and your mobile App, allowing the user to confirm who is dinging from anywhere via the internet. Assuming the Ring owner is away from home, he or she can then remotely open the door via Alexa if a supported smart lock is installed, to let the cleaner in for example.
The Shark Tank-funded startup has been on the IoT mainstage for a while now, and it did not surprise anyone when the Wi-Fi password leak vulnerability drew massive attention in 2015. Considering the nature of this device, it is critical that a security-first approach is maintained throughout the production cycle, and indeed Ring were quick to respond, patching the vulnerability in just two weeks.
Approaching the Doorbell, we fixated on first inspecting the network traffic for any alarming behaviour. The network topology chosen by Ring is using AWS as relay servers, with both the mobile and the Doorbell device communicating exclusively with the cloud. Schematically, a ding triggers an API call to the server, which messages the device and triggers a notification. Then an audio/video stream is sent to the server and bounced to the app. If the user picks up, an audio-only stream is sent back and played by the Doorbell speaker.
Inspecting the call setup quickly indicated Ring were rolling out their own “innovative” SIP/RTP crypto. Instead of using the well standardized SIP/TLS and SRTP protocols, Ring added a security triplet in the “INVITE” SIP message (as seen below). SIP (session initiation protocol) is the dialect through which two sides establish a call. The per-session X-SSRC-A, X-SSRC-V, X-Session-Hash headers supposedly protect the SIP message via some sort of signature, and perhaps contain the key to the upcoming RTP stream.
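For anyone reviewing a capture from their own camera or doorbell, the check the excerpt describes (standard SIP/TLS and SRTP versus custom headers on an otherwise unprotected call) can be scripted. The following is an added example, not code from the quoted article or from Ring: the INVITE is constructed, its header values are placeholders, and the SDP media lines are an assumption about what an unprotected call setup looks like.

```python
# Constructed SIP INVITE for illustration; NOT captured Ring traffic.
# Only the header names X-SSRC-A, X-SSRC-V and X-Session-Hash come from the article.
SAMPLE_INVITE = (
    "INVITE sip:user@relay.example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:doorbell@example.invalid>;tag=1\r\n"
    "To: <sip:user@relay.example.invalid>\r\n"
    "Call-ID: constructed-call-id\r\n"
    "CSeq: 1 INVITE\r\n"
    "X-SSRC-A: PLACEHOLDER\r\n"
    "X-SSRC-V: PLACEHOLDER\r\n"
    "X-Session-Hash: PLACEHOLDER\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 0 0 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 40000 RTP/AVP 0\r\n"      # assumed: plain RTP profile
    "m=video 40002 RTP/AVP 96\r\n"
    "a=rtpmap:96 H264/90000\r\n"
)

def audit_invite(raw: str) -> dict:
    """Report whether a SIP INVITE negotiates protected signalling and media."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = [tuple(p.strip() for p in line.split(":", 1))
               for line in head.split("\r\n")[1:] if ":" in line]
    # Via: SIP/2.0/<transport> host:port  ->  TLS means this hop used SIP over TLS
    transports = [v.split()[0].split("/")[-1].upper()
                  for k, v in headers if k.lower() in ("via", "v")]
    signalling_tls = bool(transports) and all(t in ("TLS", "WSS") for t in transports)
    # SDP m= line: RTP/AVP is plain RTP; RTP/SAVP(F) and UDP/TLS/RTP/SAVP(F) are SRTP
    media_srtp = {}
    for line in body.split("\r\n"):
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            media_srtp[kind] = "SAVP" in proto.upper()
    # Non-standard X- headers do not encrypt anything by themselves; list them for review
    custom = [k for k, _ in headers if k.upper().startswith("X-")]
    return {
        "signalling_tls": signalling_tls,
        "media_srtp": media_srtp,
        "custom_headers": custom,
        "plaintext": not signalling_tls or not all(media_srtp.values()),
    }

if __name__ == "__main__":
    print(audit_invite(SAMPLE_INVITE))
```

The Via transport only describes the hop that was captured, so a clean result on one link says nothing about the link between the cloud relay and the other endpoint.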