from the dumber-is-better dept
"Like most internet of broken things products, we've noted how "smart" devices quite often aren't all that smart. More than a few times we've written about smart lock consumers getting locked out of their own homes without much recourse. Other times we've noted how the devices simply aren't that secure, with one study finding that 12 of 16 smart locks they tested could be relatively easily hacked thanks to flimsy security standards, something that's the primary feature of many internet of broken things devices. "Smart" doorbells aren't much better.
A new study by Consumer Reports studied 24 different popular smart doorbell brands, and found substantial security problems with at least five of the models. Many of these flaws exposed user account information, WiFi network information, or, even in some cases, user passwords. Consumer Reports avoids getting too specific as to avoid advertising the flaws while vendors try to fix them: . . . READ MORE > https://www.techdirt.com/
". . . Consumer Reports’ Digital Lab evaluates digital products and services for how well they protect consumers’ data privacy and security. The most critical findings from our tests of video doorbells concern security vulnerabilities we discovered in five models from four brands that can expose user data like email addresses and account passwords. The brands are:
- Eufy
- GoControl
- LaView
- Netvue
You can skip ahead to read more on our security vulnerability findings.
Our tests also revealed that most video doorbells lack two-factor authentication, a widely used security feature that sends users a temporary, onetime passcode typically via text message, email, phone, or mobile app to use in addition to their password for logging into their accounts. With this feature enabled, a hacker can’t log in to your video doorbell account even if they have your password.
In fact, barely a quarter of the brands we tested have two-factor authentication. The only ones that have it are Arlo, August, Google Nest, Ring, and SimpliSafe.
In addition, many video doorbell manufacturers fail to minimize the amount of data they collect from users and don’t offer consumers an easy way to request a copy of their data and/or delete it.
Our tests also revealed that most video doorbells lack two-factor authentication, a widely used security feature that sends users a temporary, onetime passcode typically via text message, email, phone, or mobile app to use in addition to their password for logging into their accounts. With this feature enabled, a hacker can’t log in to your video doorbell account even if they have your password.
In fact, barely a quarter of the brands we tested have two-factor authentication. The only ones that have it are Arlo, August, Google Nest, Ring, and SimpliSafe.
In addition, many video doorbell manufacturers fail to minimize the amount of data they collect from users and don’t offer consumers an easy way to request a copy of their data and/or delete it.