December 7, 2024
Doorbell cameras on Amazon, Walmart and Temu aren’t safe

Video doorbells are supposed to help keep your home safe from strangers. Thanks to poor software security, however, they could be letting strangers in.

Researchers at Consumer Reports found vulnerabilities in popular video doorbells on major online retail sites including Amazon, Walmart and Temu, according to a report released Thursday. Hackers could use a companion app to take over the devices and view camera footage, the report found.

The doorbells were sold under a variety of brand names, mainly Eken and Tuck, on Amazon, Walmart, Sears, Shein and Temu. All the doorbells paired with the app Aiwit and were manufactured by the Chinese company Eken Group Ltd., Consumer Reports said. Some doorbells were also missing a registration code required by the Federal Communications Commission (FCC).

This finding is the latest example of how tough it is to vet products we buy online. Buggy software in off-brand smart devices is a recurring problem, but digital marketplaces such as Amazon have done little to rein in offending manufacturers. Combine that with sponsored search results and opaque labeling — Amazon repeatedly called the Eken doorbells an “Amazon’s Choice: Overall Pick” — and shoppers have little recourse to figure out which devices are safe.

Despite the explosion of internet-connected smart home devices, software security has been slow to catch up. Smaller brands churn out smart lightbulbs and speakers to compete with bigger companies, often cutting corners on security. Big brands, meanwhile, do a better job with security but create new privacy concerns — do we really want Amazon peeking into every corner of our homes? Efforts to label consumer tech with simple security facts have languished.

(Amazon founder Jeff Bezos owns The Washington Post.)

Meanwhile, large online marketplaces put unvetted gadgets in front of millions of shoppers. In January alone, Amazon sold 4,200 Eken doorbells under 11 product listings, according to Consumer Reports. Whether you’re shopping for smart home tech or a simple tank top, having to navigate a sea of unfamiliar brands and dubious product reviews is now common. Online retailers need to do more to keep shoppers safe from scams and low-quality products, the Consumer Reports authors wrote. Consumer Reports also sent a letter to the Federal Trade Commission, FCC and California Attorney General requesting they step in and halt sales of the doorbells.

Eken Group, Amazon, Sears and Shein didn’t comment in response to outreach from The Washington Post. On Wednesday night, the doorbells appeared to still be available on Amazon.

Walmart told Consumer Reports that all products on its marketplace must be safe and up to Walmart’s standards. Visually identical doorbells that pair to the same app were still available on Walmart’s site Wednesday night.

Temu told Consumer Reports it was investigating the products and halting sales of those models, but the models appeared to remain on the site, Consumer Reports wrote. Later, in response to The Post, Temu again said it had removed all related products, but doorbells that appear to be the same model were still available on Temu on Wednesday night.

What to do if your doorbell is affected

If you bought a vulnerable doorbell from one of these marketplaces, consider switching to a larger, better-vetted brand such as Ring or Nest.

You might even decide to nix the video doorbell altogether. The constant presence of video cameras can turn our streets and homes into weird panopticons, my colleague Drew Harwell wrote. Ring just recently stopped partnering with police to share camera footage in the face of growing privacy concerns. Not everyone who gets recorded knows they’re being watched, and the temptation to snoop can be strong. Plus, securely setting up a home camera system requires some extra tech chores.

One thing is clear: Deciding who gets to peek into our homes (even the front stoops) is sensitive. And camera-enabled doorbells are a bad spot for unsafe software.

Which doorbells may be vulnerable

Vulnerable doorbells from Eken Group were sold under many brand names, including the following:

  • Eken
  • Tuck
  • Fishbot
  • Rakeblue
  • Andoe
  • Gemee
  • Luckwolf

link

Leave a Reply

Your email address will not be published. Required fields are marked *