11 Popular Wireless Doorbells Fail Basic Security Tests, Researchers Say

As the development of smart technology fuels growing demand for appliances that offer a broader range of features than traditional models, doorbells operating through home wireless connections have gained popularity worldwide. One study, however, found that these smart doorbells had some serious flaws.

Having observed the trend emerge in residential areas of the United Kingdom, researchers evaluated 11 smart doorbells available for purchase on widely used digital marketplaces, such as Amazon and eBay. The doorbells were advertised at lower prices than those marketed by a handful of a few leading brands, and many received rave reviews on the e-commerce platforms that promoted them.

The research study—pursued by NCC Group and Which?, a company that specializes in cybersecurity consulting and consumer advocacy organization, respectively—identified several serious weaknesses in each doorbell system analyzed. It found that some products did not protect their owners from data breaches that would allow hackers to access their personal wireless networks, information about their locations, as well as video and audio footage stored, without encryption safeguards, on their doorbell devices.

One model, sold by technology company Victure, raised significant concerns. Researchers said the doorbell, which is advertised under the name Victure VD300, relays unencrypted details about consumers' wireless networks and accompanying passwords to servers in China, where the company is headquartered.

Encryption protects data by applying algorithms that render it unintelligible to all but specific users. Companies, like Apple, for example, program their products to complete this process automatically, at least under most circumstances. It is a critical function that allows for consumer privacy.

Other wireless doorbells surveyed by NCC Group and Which? posed additional security threats. According to researchers, a smart doorbell sold by Ctronics could potentially give hackers easy access to its owners' other personal devices, including cameras, thermostats and possibly laptop computers that are connected to the same wireless network. Victure's smart doorbell showed similar vulnerabilities.

Smart doorbell
The Vivint Doorbell Camera, a "smart" doorbell, is displayed during the 2016 Consumer Electronics Show in Las Vegas. A recent report from researchers in the United Kingdom found 11 wireless doorbells, all sold on prominent digital marketplaces, posed serious security threats to consumers. Ethan Miller/Getty

Another allowed third parties to revert the device to its "offline" mode. As researchers noted, intruders could take advantage of this defect and switch off the doorbell's recording functions, potentially putting a consumer's physical home or safety at risk. This model, which researchers identified on eBay as a knockoff version of the leading model created by Ring, was later removed from the online platform. Ring, owned by Amazon, recalled 350,000 of its smart doorbells earlier this month after several purchased in the U.S. caught fire.

"When a product is listed that violates our safety standards, we remove the listing straight away. These listings do not violate our safety standards but represent technical product issues that should be addressed with the seller or manufacturer," an eBay spokesperson said in a statement to Newsweek on Monday afternoon. "We have and will continue to facilitate discussions between Which? and the sellers so the concerns can be addressed."

Newsweek reached out to Amazon for comment but did not receive a reply in time for publication.