Some Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Report Says

Major vulnerabilities were found in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others.

Some doorbell cameras sold by Amazon and other online retailers have security flaws that could allow bad actors to view footage from the devices or control them completely, according to an investigation published Thursday by Consumer Reports.

Researchers from the product-review organization said they found major vulnerabilities in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others.

The devices have been sold online by Walmart, Shein, Sears and Temu, which said it removed Eken-made doorbells from its platform after Consumer Reports reached out to the company.

A Walmart spokesperson said the doorbell cameras Consumer Reports brought to its attention were listed on its marketplace by third-party sellers. The spokesperson said Walmart has removed those items and was offering refunds under its return policy.

Amazon, which has given the EKEN and Tuck doorbells its coveted “Amazon’s Choice” badge, did not immediately respond to a request for comment. But the doorbell cameras appeared to be available on its site on Thursday.

Sears and Shein also did not immediately respond to requests for comment.

Researchers said the doorbell cameras made by Eken Group can be controlled by a company-operated app called Aiwit. They said bad actors can create an account on the app and gain access to a nearby doorbell camera by pairing it with another device. That gives them the ability to view footage — or access still images — and lock out the owner from the device, Consumer Reports said.

The group’s researchers also found that some of the doorbell cameras don’t have a registration code required by the Federal Communications Commission.

“Major e-commerce platforms like Amazon and Walmart need to do a better job of vetting sellers and products sold on their platforms, so consumers are not put at risk,” Justin Brookman, director of tech policy at Consumer Reports, said in a statement.
