BREAKING AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Some Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Report Says

Major vulnerabilities were found in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others.

Some doorbell cameras sold by Amazon and other online retailers have security flaws that could allow bad actors to view footage from the devices or control them completely, according to an investigation published Thursday by Consumer Reports.

Researchers from the product-review organization said they found major vulnerabilities in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others.

The devices have been sold online by Walmart, Shein, Sears and Temu, which said it removed Eken-made doorbells from its platform after Consumer Reports reached out to the company.

A Walmart spokesperson said the doorbell cameras Consumer Reports brought to its attention were listed on its marketplace by third-party sellers. The spokesperson said Walmart has removed those items and was offering refunds under its return policy.

Amazon, which has given the EKEN and Tuck doorbells its coveted “Amazon’s Choice” badge, did not immediately respond to a request for comment. But the doorbell cameras appeared to be available on its site on Thursday.

Sears and Shein also did not immediately respond to requests for comment.

Researchers said the doorbell cameras made by Eken Group can be controlled by a company-operated app called Aiwit. They said bad actors can create an account on the app and gain access to a nearby doorbell camera by pairing it with another device. That gives them the ability to view footage — or access still images — and lock out the owner from the device, Consumer Reports said.

The group’s researchers also found that some of the doorbell cameras don’t have a registration code required by the Federal Communications Commission.

Advertisement. Scroll to continue reading.

“Major e-commerce platforms like Amazon and Walmart need to do a better job of vetting sellers and products sold on their platforms, so consumers are not put at risk,” Justin Brookman, director of tech policy at Consumer Reports, said in a statement.

Related: Ring Doorbell App for Android Sends Out Loads of User Data

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as new CRO

Identity orchestration provider Strata Identity appoints Aldo Pietropaolo as Field CTO

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights