Published Date: 2019-02-28
Postmortem Analysis | |
---|---|
Timeline | 1. The article reporting the flaw in smart doorbells made by Amazon-owned Ring was published on February 28, 2019, so the software failure incident likely occurred sometime before that date [80887]. |
System | 1. Ring smart doorbells made by Amazon-owned Ring [80887] |
Responsible Organization | 1. Security researchers from BullGuard's Dojo network security division identified the flaw in the smart doorbells made by Amazon-owned Ring, which allowed hackers to splice fake footage into the video feed and potentially listen in on live audio and video broadcasts [80887]. |
Impacted Organization | 1. Users of smart doorbells made by Amazon-owned Ring were impacted by the software failure incident [80887]. |
Software Causes | 1. The software cause of the failure incident was a flaw in the smart doorbells made by Amazon-owned Ring that allowed hackers to splice fake footage into the video feed and potentially listen in on live audio and video broadcasts [80887]. |
Non-software Causes | 1. Lack of encryption in transmitting audio and video data between the Ring app and the video camera, allowing hackers to intercept the feed [80887]. 2. Vulnerability in the Ring doorbells that enabled hackers to insert fake footage into the user's camera feed [80887]. 3. Ring employees being given access to live footage from customers' cameras, potentially compromising privacy and security [80887]. |
Impacts | 1. The software failure incident in Ring's smart doorbells allowed hackers to splice fake footage into users' video feeds and potentially listen in on live audio and video broadcasts, compromising users' privacy and security [80887]. 2. The vulnerability exposed by the flaw in Ring's smart doorbells could lead to dangerous scenarios, such as convincing homeowners that someone is at their front door, making them vulnerable to burglaries [80887]. 3. Particularly dedicated attackers could exploit the software flaw to gather sensitive information about households, including daily habits, names, and details about family members, posing a significant risk to users' privacy and safety [80887]. |
Preventions | 1. Regular security audits and testing by independent cybersecurity firms could have potentially identified the flaw in the smart doorbells made by Ring before it was exploited by hackers [80887]. 2. Implementing end-to-end encryption for audio and video transmissions between the Ring app and the video camera could have prevented hackers from intercepting and manipulating the data packets [80887]. 3. Ring could have enforced mandatory software updates for users to ensure that all devices are running the latest patched versions, thereby reducing the number of vulnerable devices in the network [80887]. |
Fixes | 1. Ring has patched the flaw in the app's latest software update, version 3.4.7. Users should update their Ring app to this latest version to fix the vulnerability [80887]. |
References | 1. Security researchers from Dojo, the network security division of cyber security firm BullGuard [80887] 2. Ring spokesperson [80887] 3. Dojo security researcher Or Cyngiser [80887] 4. Report from The Intercept [80887] |
Category | Option | Rationale |
---|---|---|
Recurring | one_organization, multiple_organization | (a) The software failure incident related to Ring doorbells allowing hackers to splice fake footage into the video feed and listen in on live audio and video broadcasts is not the first security issue faced by Ring. In a previous incident reported in January, Ring allowed its employees to watch live footage from customers' cameras, raising concerns about privacy and security. The employees reportedly had access to unfiltered, round-the-clock feeds of some users' footage, including footage from inside users' homes. This incident highlighted a breach of privacy and security protocols within the organization [80887]. (b) The software failure incident involving Ring doorbells is not an isolated case, as similar security issues have been reported with smart devices from other companies as well. The vulnerability discovered in Ring's smart doorbells, which allowed hackers to manipulate the video feed and listen in on audio, raises concerns about the overall security of smart home devices. This incident serves as a reminder of the potential risks associated with IoT devices and the importance of robust security measures across various organizations offering similar products and services [80887]. |
Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase can be attributed to a flaw in the smart doorbells made by Amazon-owned Ring. Security researchers identified a vulnerability that allowed hackers to splice fake footage into the video feed and potentially listen in on live audio and video broadcasts. This flaw was discovered by Dojo, the network security division of cyber security firm BullGuard, and was presented at the annual Mobile World Congress conference [80887]. (b) The software failure incident related to the operation phase was due to the way audio and video data were transmitted between the Ring app and the video camera in plain text. This allowed hackers to listen in on video and audio recordings from the Ring device. Additionally, hackers could insert fake footage into the user's camera feed after joining the same WiFi network. This operation-related failure was exploited by attackers who were able to capture Ring data traffic and inject their own footage onto the device's video feed, which worked smoothly and was undetectable from within the app [80887]. |
Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident involving the Ring smart doorbells was due to a flaw within the system itself. Security researchers identified a vulnerability in the Ring app that allowed hackers to intercept audio and video transmissions in plain text, enabling them to listen in on live broadcasts and insert fake footage into the video feed [80887]. (b) outside_system: The software failure incident was also influenced by factors outside the system. For example, the attack required the hacker to either join the device owner's WiFi network or create a rogue WiFi network and wait for the device owner to join, indicating that external access to the network was a contributing factor to the vulnerability [80887]. |
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in the Ring smart doorbells was due to non-human actions, specifically a flaw in the software that allowed hackers to intercept and manipulate the video feed and audio transmissions [80887]. (b) The software failure incident in the Ring smart doorbells was also influenced by human actions. The vulnerability was discovered by security researchers from BullGuard's Dojo network security unit through ethical hacking practices, highlighting the role of human actions in identifying and addressing the flaw [80887]. |
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident related to hardware: - The vulnerability in the smart doorbells made by Ring allowed hackers to splice fake footage into the video feed and potentially listen in on live audio and video broadcasts [80887]. - The flaw was discovered by security researchers from BullGuard's Dojo network security unit, indicating that the issue originated in the hardware of the Ring doorbells [80887]. (b) The software failure incident related to software: - The flaw in the Ring doorbells' software allowed hackers to intercept audio and video transmissions in plain text, enabling them to insert fake footage into the camera feed [80887]. - Ring addressed the software flaw by releasing a patch in the app's latest software update, version 3.4.7, indicating that the failure originated in the software of the Ring app [80887]. |
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident related to the Ring smart doorbells made by Amazon-owned Ring was malicious in nature. Security researchers identified a flaw that could allow hackers to splice fake footage into the video feed, listen in on live audio and video broadcasts, and potentially gather sensitive information about households [80887]. The vulnerability was discovered by Dojo, the network security division of cyber security firm BullGuard, through ethical hacking techniques. Hackers could exploit the flaw by intercepting data packets in plain text, joining the same WiFi network as the device owner, and injecting their own footage into the video feed, leading to dangerous scenarios like convincing homeowners that someone is at their front door [80887]. Additionally, in a separate incident reported in the article, Ring employees were found to have access to live footage from customers' cameras, raising concerns about privacy and security. The employees reportedly had access to unfiltered, round-the-clock feeds of some users' footage, which were shared between employees on company servers. This incident highlights a breach of privacy and security protocols, indicating a malicious intent to access sensitive customer data [80887]. |
Intent (Poor/Accidental Decisions) | poor_decisions | (a) The software failure incident related to the Ring smart doorbells was primarily due to poor decisions made in the design and implementation of the device's security features. The vulnerability that allowed hackers to splice fake footage into the video feed and listen in on live audio and video broadcasts was a result of transmitting audio and video data between the Ring app and the video camera in plain text, making it easy for hackers to intercept and manipulate the data [80887]. Additionally, the incident where Ring employees were found to have access to live footage from customers' cameras raised concerns about privacy and security practices, indicating poor decisions in handling sensitive customer data [80887]. |
Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident related to development incompetence can be seen in the case of the flaw discovered in smart doorbells made by Amazon-owned Ring. Security researchers identified a vulnerability that allowed hackers to splice fake footage into the video feed and potentially listen in on live audio and video broadcasts [80887]. The flaw was due to the transmission of audio and video between the Ring app and the video camera in plain text, making it possible for hackers to intercept and manipulate the data. This indicates a lack of professional competence in ensuring secure communication protocols and encryption standards in the development of the Ring doorbell software. (b) The software failure incident related to accidental factors can be observed in the unintentional exposure of Ring customers' live footage to employees. In January, it was reported that Ring allowed its employees to watch live footage from customers' cameras, including unfiltered feeds of some users' footage [80887]. This accidental exposure of sensitive customer data was not intentional but occurred due to the permissions and access granted to employees, leading to a breach of privacy and security protocols. |
Duration | temporary | The software failure incident related to the Ring smart doorbells was temporary. The vulnerability that allowed hackers to splice fake footage into the video feed and listen in on live audio and video broadcasts was identified by security researchers from BullGuard's Dojo network security unit [80887]. This flaw was subsequently patched by Ring in the app's latest software update, version 3.4.7 [80887]. The temporary nature of this software failure is evident from the fact that once the flaw was fixed in the software update, users who updated to the latest version were no longer affected by the vulnerability [80887]. |
Behaviour | omission, value, other | (a) crash: The software failure incident in the article does not involve a crash where the system loses state and stops performing its intended functions. (b) omission: The software failure incident in the article involves omission as hackers were able to listen in on live audio and video broadcasts from Ring doorbells and insert fake footage into the user's camera feed [80887]. (c) timing: The software failure incident in the article does not involve timing issues where the system performs its intended functions but at the wrong time. (d) value: The software failure incident in the article involves a value failure as hackers were able to manipulate the video feed and insert fake footage, leading to incorrect information being displayed to users [80887]. (e) byzantine: The software failure incident in the article does not involve a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The other behavior in this software failure incident is related to a security vulnerability that allowed hackers to intercept and manipulate data packets containing audio and video transmissions between the Ring app and the video camera, leading to unauthorized access and manipulation of the feed [80887]. |
Layer | Option | Rationale |
---|---|---|
Perception | network_communication, embedded_software | (a) sensor: The software failure incident related to the Ring smart doorbells was not directly attributed to a sensor error. The vulnerability discovered by security researchers from BullGuard's Dojo network security unit was related to the transmission of audio and video data between the Ring app and the video camera in plain text, allowing hackers to listen in on live audio and video broadcasts and insert fake footage into the user's camera feed [80887]. (b) actuator: The software failure incident did not involve an actuator error. The vulnerability in the Ring smart doorbells allowed hackers to manipulate the video feed and listen in on audio broadcasts but did not involve any issues related to actuator control or manipulation [80887]. (c) processing_unit: The software failure incident did not stem from a processing error in the processing unit of the Ring smart doorbells. The vulnerability was related to the transmission of data packets in plain text, enabling hackers to intercept and manipulate audio and video feeds, rather than a failure in the processing unit itself [80887]. (d) network_communication: The software failure incident was directly related to a network communication error. Security researchers found that audio and video data were transmitted between the Ring app and the video camera in plain text, making it possible for hackers to intercept and manipulate the data packets, leading to unauthorized access to live audio and video broadcasts and the insertion of fake footage into the camera feed [80887]. (e) embedded_software: The software failure incident was linked to an embedded software error. The vulnerability in the Ring smart doorbells was due to a flaw in the software that allowed audio and video data to be transmitted in plain text, enabling hackers to exploit this weakness to manipulate the camera feed and listen in on live broadcasts [80887]. |
Communication | link_level, connectivity_level | The software failure incident reported in Article 80887 was related to the communication layer of the cyber physical system that failed at both the link_level and connectivity_level. 1. **Link Level**: The vulnerability in the smart doorbells made by Ring allowed hackers to intercept audio and video data transmitted between the Ring app and the video camera in plain text. This flaw enabled hackers to listen in on live audio and video broadcasts and insert fake footage into the user's camera feed [80887]. 2. **Connectivity Level**: The attack involved the attacker either joining the device owner's WiFi network or creating a rogue WiFi network to capture Ring data traffic before passing it on to the app. This indicates a failure at the network layer where unauthorized access to the network allowed for the interception and manipulation of data packets [80887]. |
Application | TRUE | The software failure incident related to the Ring smart doorbells made by Amazon-owned Ring, where hackers could splice fake footage into the video feed and listen in on live audio and video broadcasts, can be attributed to a flaw in the application layer of the cyber physical system. This failure was due to contributing factors introduced by bugs and incorrect usage. The vulnerability allowed hackers to intercept and manipulate data packets containing audio and video in plain text, enabling them to insert fake footage into the camera feed without detection from within the Ring mobile app [80887]. |
Category | Option | Rationale |
---|---|---|
Consequence | non-human, theoretical_consequence | (a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident reported in the articles. [80887] (b) harm: People were physically harmed due to the software failure - There is no mention of physical harm to individuals resulting from the software failure incident. [80887] (c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted by the software failure incident. [80887] (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident could potentially lead to dangerous scenarios like convincing homeowners that someone is at their front door, leaving them vulnerable to burglaries. Additionally, particularly dedicated attackers could learn sensitive information about a certain household, including their daily habits, names, and details about family members. However, there is no direct mention of material goods, money, or data being impacted. [80887] (e) delay: People had to postpone an activity due to the software failure - There is no mention of people having to postpone activities due to the software failure incident. [80887] (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident involved a flaw in smart doorbells made by Amazon-owned Ring, which could potentially allow hackers to splice fake footage into the video feed and listen in on live audio and video broadcasts. This could impact the privacy and security of individuals using the smart doorbells. [80887] (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had real observed consequences related to potential security breaches and privacy concerns for users of the Ring smart doorbells. [80887] (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss potential consequences of the software failure incident, such as hackers being able to insert fake footage into the user's camera feed, listen in on audio and video recordings, and learn sensitive information about households. These consequences were addressed through a software update to patch the flaw. [80887] (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There are no other consequences mentioned in the articles beyond those related to security breaches, privacy concerns, and potential vulnerabilities in the Ring smart doorbells. [80887] |
Domain | information | (a) The failed system in this incident is related to the information industry as it involves smart doorbells made by Amazon-owned Ring that transmit audio and video data between the device and the mobile app [80887]. The vulnerability allowed hackers to manipulate the video feed and listen in on live audio and video broadcasts, impacting the production and distribution of information. |
Article ID: 80887