'Models with defective security' are on the market with smart doorbells that can be used even while you are away from your smartphone.

A 'smart doorbell' that allows you to respond to visitors from your smartphone and monitor the situation at the front door even when you are out, and 'connects to some of the models handled by e-commerce sites such as Amazon and eBay.' It has been reported that it was found that there was a 'vulnerability that could break into the network'.

The smart video doorbells letting hackers into your home – Which? News
https://www.which.co.uk/news/2020/11/the-smart-video-doorbells-letting-hackers-into-your-home/

'Smart' doorbells for sale on Amazon, eBay came stocked with security vulnerabilities
https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/

According to reports from the British security company ' NCC Group ' and the consumer protection group ' Which? ', 11 types of smart doorbells handled by Amazon, eBay, etc. are 'vulnerable to KRACK ' and 'lack of data encryption'. 'Excessive data collection' and 'weak password policy' were found.

For example, the smart doorbell 'Victure VD300', which has a high score of 4.3 out of 5 in more than 1000 reviews on Amazon, is a Chinese server with the SSID and password of the Wi-Fi used by the user in plain text. I found that I was sending to.

According to NCC Group researchers, Amazon sells imitations that look almost the same as the Victure VD300, and the imitations have exactly the same vulnerabilities as the Victure VD300.

In addition, the Qihoo 360 D819 smart doorbell can be easily removed by using the tool used to remove the SIM card, even if it is attached to the door or wall. So, Who could have stolen the doorbell itself, reset it, and resell it? Says. In addition, the Qihoo 360 D819 is less secure because the recordings are stored unencrypted.

All of these vulnerable smart doorbells were manufactured by unknown vendors, but they have all been highly rated in reviews and have been picked up by Amazon and eBay as 'good-selling products.' It was said that. The researchers are concerned that some smart doorbells may store sensitive data, such as audio, video, and location information taken by the doorbell's camera, on an insecure server.

Which? Is calling for the following five things to keep in mind to avoid buying smart doorbells with flawed security.

1: Whenever you buy a product of a brand you have never heard or seen, search by brand name and investigate.
2: Check if the review is true.
3: Change your password regularly.
4: Always update the firmware and OS to the latest version.
5: Set up two-factor authentication to increase security level