Amazon’s Ring Doorbells Sent Wi-Fi Passwords in the Clear

Originally published at:

Security researchers have revealed that Amazon’s Ring doorbells were transmitting Wi-Fi passwords in the clear. That’s now fixed, but what other devices might be exposing your network traffic?

1 Like

The likelihood of this happening was low

How is that? Seems very possible that this could happen and that people cruise the 'burbs looking for easy pickens just like this!

The password was transmitted in the clear only during setup, so the attacker would have to be in the right place at the right time to get it on initial setup. The subsequent attack was to force a disconnect, such that the user had to set the Ring doorbell up again, which would make the exposure window much more predictable. I doubt an attacker would cruise for such a thing—they’d set up automated gear in a nearby spot that was close enough, force the disconnect, and then wait.