Cheap Video Doorbells Make You Pay with Your Privacy

In today’s digital economy, inexpensive electronics often come with a much higher hidden price tag attached. That probably shouldn’t come as a big surprise in a world of “free” services from tech giants like Google and Facebook, but sometimes that’s easier to miss when it comes to seemingly innocuous hardware devices.

Such is the case with many of the inexpensive video doorbells sold in online marketplaces like Amazon and Walmart — even those branded with the somewhat dubious “Amazon’s Choice” recommendation.

The folks at Consumer Reports discovered numerous video doorbells sold on Amazon under a wide range of brand names that all had serious security flaws, allowing their video feeds to be monitored by anybody who can get their hands on the device’s serial number.

The doorbells were sold under at least ten different brands, including Tuck, Fishbot, Rakeblue, Andoe, Gemee, and Luckwolf. However, they all appear to be manufactured by a Chinese company named Eken and are controlled using the same mobile app, Aiwit.

The security on these doorbells is so absurdly weak that they shouldn’t even be sold by major online retailers, much less promoted as recommended products.

“Devices designed to make someone feel safe at home, while actually doing the opposite, shouldn’t be allowed on the market.” (Adam Dodge, CEO of EndTAB, speaking to Consumer Reports)

Security experts consulted by Consumer Reports noted that the devices don’t even use Wi-Fi encryption — an “egregious” omission that could indicate “a whole host of bad practices,” notes Beau Woods, a digital security researcher with the cybersecurity advocacy group I Am The Cavalry.

As a result, they’re exposing your home IP address and Wi-Fi network name to the internet, creating a possible attack vector for cybercriminals. However, it’s also trivially easy to take control of one of these doorbells, with “no tools or fancy hacking skills needed,” making them particularly dangerous to potential victims of abuse whose abusers know where they live.

A Stalker’s Dream

According to testing by Consumer Reports, anyone who can physically access one of these doorbells — by simply walking up to your front door, for example — can pair it with their smartphone by doing little more than holding down the button. While the actual owner will be notified of this, they’ll likely assume it’s just a glitch and re-pair the device themselves.

However, once the stalker gets their hands on the doorbell’s serial number — which shows up after it’s paired — they can continue monitoring the doorbell’s camera feed, with no way to stop it except by disconnecting the device entirely.

“In our scenario, the dangerous actor will continue to see time-stamped photos of everyone who comes and goes. And if he chooses to share that serial number with other individuals, or even post it online, all those people will be able to monitor the images, too.” (Consumer Reports)

No password or account is needed to do this, and the owner won’t get any notification that someone else is watching. It’s a security hole so gapingly wide you could fly a jumbo jet through it.

Perhaps the most terrifying thing is that Amazon, Walmart, and others continue to sell these doorbells under a wide variety of different brands, and the Amazon ratings suggest that they’ve been sold to thousands of people — more than 4,200 in January alone, according to Consumer Reports.

“Thousands of these video doorbells are sold each month on Amazon and other online marketplaces, including Walmart, Sears, and the globally popular marketplaces Shein and Temu. Experts say they’re just a drop in the flood of cheap, insecure electronics from Chinese manufacturers being sold in the U.S.” (Consumer Reports)

Consumer Reports reached out to the online marketplaces. In a surprising twist, only Temu responded positively, with an emailed statement noting that it was reviewing the findings and had pulled the Eken-made doorbells from its site, although numerous similar ones remain. Walmart responded with a more generic statement that it expects its products “to be safe, reliable and compliant with our standards and all legal requirements” and that products that aren’t will be removed. However, it’s unclear if Walmart has done so, as many remain available. Amazon, Sears, and Shein didn’t respond at all to questions from Consumer Reports.

To make matters even more perplexing, none of the doorbells sold by Amazon in the United States carried the necessary identifiers to indicate that they were certified by the Federal Communications Commission (FCC). While some appeared to have records online showing FCC certification, it’s still illegal to sell them in the US without visible FCC IDs. Consumer Reports flagged the Tuck video doorbell to Amazon, but it remains available for purchase.

Amazon’s Choice?

Perhaps the worst part of this is how often the Eken and Tuck video doorbells have carried the “Amazon’s Choice: Overall Pick” badge in the past few months — badges that have continued to appear even after Consumer Reports alerted Amazon to the gaping security flaws in these devices.

However, it also illustrates how “Amazon’s Choice” is one of the most misleading labels in the online retail world. While you might assume this means that products are handpicked by Amazon employees for quality and value, nothing could be further from the truth.

Instead, as Amazon points out in its FAQ, these products are algorithmically selected using criteria such as ratings, price, popularity, product availability, and fast delivery. How these factors are balanced is anyone’s guess, as the process is a black box that Amazon doesn’t talk about, but the emphasis seems to be on those products that are “delivered faster and returned less frequently than alternative products.”

The bottom line is that you should never trust products from companies you’ve never heard of, especially ones that have even the slightest potential to compromise your privacy and security. Even popular brand-name doorbells have had their share of security problems, but at least you know that they’re reviewed, tested, and used widely enough that any issues will quickly come to light — and just as quickly be fixed by the manufacturers.

For Apple users, the best home security cameras are those that support HomeKit Secure Video since this provides very secure end-to-end encryption of the video streams. Anker’s eufyCam 2C Pro is a setup I personally use around my own home, alongside Logitech’s Circle View Doorbell Camera; Eufy makes some great video doorbells that are well-suited to other platforms, but they’re sadly not HomeKit compatible.
