Eken camera doorbells allow ill-intentioned individuals to spy on you


Eken camera doorbells allow ill-intentioned individuals to spy on you

Pierluigi Paganini
Eken camera doorbells allow ill-intentioned individuals to spy on you March 03, 2024

Eken camera doorbells allow ill-intentioned individuals to spy on you

Camera doorbells manufactured by the Chinese company Eken Group Ltd under the brands EKEN and Tuck are affected by major vulnerabilities.

Researchers from Consumer Reports (CR) discovered severe vulnerabilities in doorbell cameras manufactured by the Chinese company Eken Group Ltd. The company produces video doorbells under the brand names EKEN and Tuck, its products are by major retailers, including Amazon, Walmart, Shein, Sears and Temu.

Doorbell Cameras
The video doorbells we evaluated have slightly different packaging and plastic casings, but you can tell they’re virtually identical, thanks to the placement of their cameras lenses, motion sensors, and doorbell buttons.
Photo: Consumer Reports

The security flaws could allow threat actors to view footage from the devices or control them completely.

An attacker can exploit the flaws to create an account on the app and gain access to a nearby doorbell camera by pairing it with another device. Then threat actors can view footage and lock out the owner of the device.

Steve Blair, a CR privacy and security test engineer, and fellow test engineer David Della Rocca, discovered that at least 10 more seemingly identical video doorbells been sold under different brand names, are all controlled through the same mobile app, called Aiwit, which is owned by Eken.

“Thousands of these video doorbells are sold each month on Amazon and other online marketplaces, including Walmart, Sears, and the globally popular marketplaces Shein and Temu. Experts say they’re just a drop in the flood of cheap, insecure electronics from Chinese manufacturers being sold in the U.S.” reads the report published by CR.

The researchers purchased two doorbell cameras, sold under the Fishbot and Rakeblue brands, and discovered that both devices are affected by the same vulnerabilities.

The owners of these doorbell cameras facing threats from stalkers or estranged abusive partners and may be subjected to surveillance through their phones, online platforms, and interconnected smartphones.

Some of the doorbells analyzed by the researchers also lack a visible ID issued by the Federal Communications Commission (FCC), which is a mandatory requirement for the sale of these products in the U.S.

Some online marketplaces, such as Walmart, have removed the flawed products from their catalog and are offering refunds to their customers who purchased the devices.

At the time of this writing, the EKEN Smart Video Doorbell Camera Wireless devices are still available on Amazon.

“Big e-commerce platforms like Amazon need to take more responsibility for the harms generated by the products they sell,” says Justin Brookman, director of technology policy for CR. “There is more they could be doing to vet sellers and respond to complaints. Instead, it seems like they’re coasting on their reputation and saddling unknowing consumers with broken products.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, camera doorbells)







Source link