Today's Hard|Forum Post

Wednesday March 22, 2017

Smart Doorbell Bug Causes Massive Privacy Freakout

Earlier in the month, a Reddit user noticed some odd traffic from his Ring-branded smart doorbell and intercom going to a server related to Baidu in China. When this story was picked up by IoT For All and reported as a huge vulnerability, it understandably set off quite a bit of concern among Ring's users. Ring did an admirable job of addressing this problem. As it turns out, a bug in the software was sending tiny, millisecond-long snippets of audio to a Chinese server at random intervals. Fixes were issued, and a third-party security audit firm confirmed that it appeared to be a bug, that it had been fixed, and that the millisecond snippets of audio were too small to be used for any malicious intent. It does, however, raise the question of whether users have had it with IoT devices.

Is there a backlash against IoT and the cloud brewing? Personally, I take the old-school enterprise approach. I don't mind having "smart" devices on my network, but I don't want them communicating with the public network or any cloud. I don't mind running a home server with software to manage these devices myself, and if I want to access it from outside my home, opening my own port and forwarding it on my router, but I absolutely don't want any cloud-based device in my home. I think it would be great if people stopped being lackadaisical when it comes to entrusting their data to cloud providers, but I don't believe that is going to happen anytime soon. Convenience is king, and ignorance is bliss.


Ring denies the charge that it uses any off-the-shelf systems from China, which usually indicates a lower-quality device. "We take extensive measures to build quality products that are secure," Ring CTO Roth said in his statement first posted on Reddit. Ring didn't respond to further questions about why the traffic to China was happening in the first place beyond that it was only a bug. Wikholm suspects it might have been some leftover test code from a Chinese chip vendor.

"There’s a stigma of anything going to China is bad," Wikholm said. "But a lot of this stuff is made and maintained in China."
