22 comments

[ 0.25 ms ] story [ 52.4 ms ] thread
I wonder how I would feel about that, if I was alone at home, and lonely.

Would it cheer me that people were reaching out and ringing my doorbell?

Or would it make me sad because I would be reminded that there was not a friend ringing at the door?

Or an even worse idea: What if ads started ringing your doorbell suddenly?
I'd be shocked if the Ring doorbells were materially more secure.

I sit firmly in the "only smart device is my printer and I keep a loaded gun next to it in case it makes a weird noise" camp.

Funny thing, that. They actually have Activation Lock (of sorts).

I regret it now but a few years back someone had moved into a home, dumped their Ring doorbell that came with the house, and we shoved it on our house. When we went to set it up Ring blocked the setup attempt because it was account bound.

... Apparently if you call Ring to release it (they can), frontline CS can see the entire log of when the doorbell was online, when it was last rung, and used that information to go "oh, it hasn't been rang in like eight months" to decide that I wasn't some criminal and that I can set up the doorbell myself.

That would be impressive as my doorbell is hardwired from a button to a transformer and bell in a closet.
You could take a picture from the real footage, remove the people from it and insert yourself into the front yard. Then when they open the door act confused that you cant see them.

edit: my doorbell resets if you hold it down for 10 seconds then it takes wifi credentials with a QR code and thinks you are it's new owner.

Awesome, as it doesn't actually work from the street door right now, and I can't get the condo management company to fix it. Guess I just need to post a QR code outside?
Anyone is probably a hyperbole here, regardless its accessible via internet, it is always in the category of relatively secure. Applies to pretty much every device connected to internet. Absolute security is a myth, it does not exists.

One can argue that a particular manufacturer is relatively more secure than other, however as long as the software is changing/evolving, eventually it will opens up the possibility/window to hack it

Is this not more targeted at “badly developed IOT” generally as opposed to “your doorbell”? Bad title.
Can you actually access any of the doorbells on the internet with this? It reads to me like you need physical access to extract the signing keys etc over the debug port before you can actually impersonate the device
You can enumerate them against the API.
The most depressing part is that none of this sounds exotic
Can ring this Temu doorbell.
An attack that could remotely ring my old-fashioned hard-wired doorbell would be really cool to read about. It's the classic electromechanical style with an AC line transformer wired directly between the chime & the button.
If you want to do some fun hacking project, Temu and similar websites are a trove of insecure cheap IoT devices made with almost 0 security consideration. Security camera, car chargers, sport tracking devices, etc.

If you are a bad actor, that is also probably a very easy way to find new ways to enroll devices in your botnet.

Am I the only one who eventually got irritated by the LLM-like writing style? It's not quite the usual fare, but it became hard to ignore by the end.
(comment deleted)
Would be interesting to know if we can flash a new firmware onto this. Funnily enough I think I have one of these in my "shit to poke at" pile
OT: do many people who come to your door actually ring your doorbell? 95% of people who come to my door, which has a doorbell and does not have a knocker, knock.

Do people just prefer knocking nowadays? Have Ring type doorbells become so common that people don't realize that a simple pushbutton beside the door with no camera can be a doorbell?

I think that eeally depends on regions. Where I am located, nobody will ever knock and everybody uses the door bell.