‘Amazon’s Choice’ doorbells are a security nightmare

Recent research has found that Eken doorbells pose serious security risks to consumers.

Research conducted by Consumer Reports (CR), a non-profit member organization that works with consumers to promote transparency in the marketplace, shows that various doorbells sold on Amazon, Temu, Shein, and Walmart could allow adversaries to spy on you if exploited.

Steve Blair, a CR privacy and security test engineer, managed to successfully exploit the system and hack into the doorbells of his colleagues from 3000 miles away.

He and fellow CR Test Engineer David Della Rocca identified serious security concerns in multiple doorbells and proved that you don’t have to be a tech genius to hack into them.

The doorbells were sold under different brand names, but all seemed to be made by the same manufacturer – Eken.

Alongside various privacy concerns, the doorbells lack a clear Federal Communications Commission (FCC) ID, making the distribution of these doorbells illegal in the US, according to the non-profit.

The two brand names tested by CR that were found to be insecure were Eken and Tuck.

These devices appeared to be carbon copies of one another despite having different branding.

When CR researched these doorbells, a search revealed another 10 doorbells sold under different brand names that functioned using a specific Aiwit app owned by Eken.

The doorbells that CR tested identified some serious vulnerabilities that could potentially have devastating consequences if placed in the wrong hands.

The non-profit found that the doorbells reveal your home’s IP address and WiFi network, making users vulnerable to digital attacks.

Furthermore, experts expressed concern surrounding the safety of company servers where the video footage is stored.

On the Eken website, the company claims that “videos are safely stored and can never be stolen” as all information is encrypted.

However, stating that your footage can “never be stolen” is a concerning claim that’s arguably misleading.

The more alarming privacy concern noted by CR is the ease with which adversaries or dangerous people could access live footage of you, your family, and your home.

Those who can physically access the device can take ownership of the doorbell by creating an Aiwit account and pairing the account with the doorbell by holding down a button.

This makes that person the owner of the device, giving them full control once connected to a WiFi hotspot.

Once this person has ownership, they can now see the device’s serial number, which allows them to remotely access images from the doorbell’s video feed.

The original owner will be able to regain ownership of the device, but once the serial number is out there, anyone can watch you.

Alarmingly, these doorbell cameras from Eken were featured on various high-profile marketplaces such as Temu, Shein, Walmart, and Amazon.

Many of the Eken doorbells wore the Amazon’s Choice: Overall Pick badge of approval.

Individuals searching for a doorbell may believe that Amazon has vetted these products and are, therefore, high quality and safe to use.

However, CR found via Amazon’s FAQ that these badges are generated via an algorithm that takes certain factors into account, such as rating, price, popularity, product availability, and fast delivery – not safety.

Although Eken isn’t as popular as Ring doorbells, it still holds significant privacy concerns, similar to its competitors.

Amazon was expected to fork over $30M in fines for multiple privacy violations, including allowing Ring employees to spy on customers, creating a security atmosphere ripe for hackers.

There have been various reports surrounding the dangers of digital doorbells, including the increased amount of unnecessary digital surveillance that delivery workers may face daily.

Ring doorbells have even been said to have caused criminal acts of violence, as a Ring camera alert almost killed a woman in Florida.

Consumer Reports recommends that those who possess Eken doorbells or any doorbell that uses the Aiwit app should remove the doorbell and disconnect it from their home WiFi.

More from Cybernews:

European champion no more: Mistral AI's painful bluff also eye-opener

Apple cancels development of autonomous car

Taiwan Strait: Musk faces conundrum over SpaceX contract with Pentagon

ALPHV/BlackCat exposes UnitedHealth hack details on leak blog

Coinbase investigates crypto accounts showing zero balance

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked