The company that makes video intercoms that Consumer Reports says contain serious security vulnerabilities has released a fix, according to the consumer advocacy group. Eken Group has released a firmware update for the affected security products sold under its own name, as well as for products from other brands with which it has licensing agreements, including Fishbot, Rakeblue, Tuck and others. All of the video doorbells use the Aiwit smartphone app and can be purchased from popular online stores such as Amazon, Shein, Temu and Walmart.
In February, CR reported that it had found security vulnerabilities in video intercoms manufactured by Eken that “could allow a dangerous person to take control of a video intercom in a victim’s home.”
Gaining access to the doorbell didn’t even require any hacking knowledge: criminals could simply download the Aiwit app, go to the victim’s home, hold down the doorbell button to pair it with their own smartphones, change its Wi-Fi network and take control of the device.
Additionally, anyone with the doorbell’s serial number can remotely view still images from the video feed — no password or account required, CR security experts said. Doorbell owners received no notification if another user accessed their video feed in this way.
The doorbells also did not encrypt the user’s home IP address or Wi-Fi network, leaving both potentially vulnerable to attack by criminals.
The doorbells initially reviewed by CR were sold under the Eken and Tuck brands and appeared identical, with both requiring users to download the Aiwit app on their smartphones. The group later found 10 other apparently identical doorbells manufactured by Eken but sold under different brand names.
CR has reviewed the Eken firmware update and has determined that the issue has been resolved. “While we would prefer products to be secure from initial launch, the ability of our tests to detect vulnerabilities results in better products for consumers,” CR’s senior director of product testing, Maria Rerecich, said in the report.
As a result of the CR reports, the FCC asked Amazon, Sears, Shein, Temu and Walmart for more details on how they verify products sold on their platforms. None of the five retailers responded to CR’s request for comment on this matter.
CR found that Eken’s video intercoms also did not have Federal Communications Commission identification tags, which are required by law. The company has since added FCC identifiers to its electronic doorbell instructions.
Since CR published its February report, many Eken doorbells have been withdrawn from online stores. It’s worth noting that some of the doorbells had been listed under Amazon: General Picks or carried an Amazon’s Choice badge, a label with cryptic criteria that Amazon refused to fully explain and that can be found on many questionable products.
If you have a video intercom manufactured by Eken, check whether the firmware is up to date. Your doorbell should automatically receive the update, but it’s worth double-checking. Go to the “Devices” page in the Aiwit app and tap on the doorbell name, which should open the settings. The firmware number should be 2.4.1 or higher, which means it is up to date.
Credit: www.theverge.com