Skip to main content

Do you have a video doorbell? Some models can be hacked

Share

Video doorbells allow you to see who is coming and going from your home, or check if a package you’ve been expecting gets dropped off.

It may seem hard to believe, as many use the hardware to promote security, but now some criminals are hacking into video doorbells, monitoring and video streaming victim’s routines.

An investigation conducted by Consumer Reports (CR) found that video from a video doorbell can be accessed from almost 5,000 kilometres away.

While outsiders are not supposed to be able to view the video, the security was so poor upon CR’s investigation that researchers were able to access it.

“We were really surprised to find that anyone could walk up to one of these doorbells and take it over in a matter of seconds, and from there actually view screenshots of the doorbell,” Consumer Reports’ Dan Wroclawski said.

Tests revealed that a number of video doorbells – all using the same mobile app, Aiwit – had serious security flaws, making users vulnerable to security breaches. 

The devices that use the Aiwit app CR tested are sold under the brand names Eken and Tuck, but are also sold under other brand names including Fishbot, Rakeblue, Andoe, Luckwolf and more.

“Your home is deeply personal and private. If someone is able to view your doorbell camera and see when you come and go, it presents a lot of security risks. For example, an abuser or a stalker could keep tabs on a victim and it could create a very dangerous situation,” Wroclawski said.

He says that the flood of cheap, insecure electronics from Chinese manufacturers are a growing problem.

“We're seeing a lot of overseas manufacturers create these obscure, cheap, no-name products," said Wroclawski.

In addition, Toronto-based technology expert Marc Saltzman says that the app’s poor reviews are a major issue.

"Out of over 1000 reviews it had an average of one out of five stars which is a huge red flag," said Saltzman.

He advises consumers to do research before purchasing a video doorbell.

"If you go with a less expensive brand that does not offer encrypted video connections then you are putting your data at risk," said Saltzman.

Brands offering stronger security include Logitech, Simplisafe and Ring, according to CR.

To ensure the safety of your data, CR advises disconnecting Aiwit-branded video doorbells from WiFi and removing them from the door.

Eken and Tuck did not respond to a request by CR at the time of publication.

Following the investigation, some retailers have decided to stop selling video doorbells that are easily hacked.

CTVNews.ca Top Stories

Air turbulence: When can it become dangerous?

Flight turbulence like that encountered by a Singapore Airlines flight on Tuesday is extremely common, but there's one aspect of severe turbulence an aviation expert says can lead to serious injury.

Stay Connected