2N has provided some guidance to people with smart doorbells, following the Which? consumer group calling on the government to provide more legislation to improve security on the devices.
Many smart doorbells were found to have serious security flaws when tested by the watchdog.
According to 2N, physical and virtual attackers can use intercoms and access control devices to discover passwords, ‘eavesdrop’ on unencrypted conversations and gain full access to data, applications and personal property to perpetrate ransomware and man-in-the-middle attacks, or even sneak into the building.
“Installing a smart doorbell offers users convenience, flexibility and home security,” points out Tomáš Vystavěl, chief product officer at 2N. “But as Which? has identified, consumers must look for excellent security standards, not just a good user experience.
“The 2N Indoor View uses 2N’s own operating system to provide users with the highest levels of security and protect their personal data. No one wants to unwittingly give hackers opportunities to access their personal information. Consumers are strongly advised to do their research before choosing a video intercom device.”
Common flaws
The report from Which? has shown there can be many security defects in smart doorbell devices. The operating system code could be flawed, which would enable hackers to gain full access to the intercom device.
Sometimes, web security weaknesses occur that allow an attacker to run arbitrary operating system commands on the server that is running an application, thus enabling access to the application and all its data.
There also could be vulnerabilities in the system that allow a remote attacker to upload a manipulated ringtone file which could enable a complete system takeover.
Furthermore, unsecured, non-encrypted communication could allow an attacker to listen in on a conversation, for example through a man-in-the-middle attack.
The new 2N Indoor View is designed to avoid these weaknesses.
Tackling the issues
Although these flaws are very serious, they can be avoided. 2N advises that consumers choose a reliable, bespoke security solution tailored specifically for ICS environments that always keeps the network secure.
Customers can also use a VLAN to create an independent network dedicated exclusively to devices that handle sensitive information, and should ensure that manufacturers of installed devices or software use secure protocols such as HTTPS, TLS, SIPS, or SRTP by default.
Similarly, homeowners can create a separate network for IoT devices and choose a strong password for the router. Homeowners should never install new electronic devices without checking the manufacturer and security standards.
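One way to check the SIPS and SRTP advice above on a device already installed is to capture one call setup and inspect it. The sketch below is an added example, not code from 2N or Which?; it assumes a SIP INVITE is available as text, and the function names, hosts, addresses and key in it are constructed for illustration. It also flags the case where an SRTP key is present but travels over unencrypted signalling.

```python
import re

# SDP media profiles that carry SRTP; plain "RTP/AVP" is unencrypted RTP.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def audit_invite(raw):
    """Return findings for one captured SIP INVITE (headers plus SDP body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    findings = []
    # Request line looks like "INVITE sips:user@host SIP/2.0".
    scheme = lines[0].split()[1].split(":", 1)[0].lower()
    if scheme != "sips":
        findings.append(f"request URI uses {scheme}: instead of sips:")
    # The topmost Via names the transport used: "Via: SIP/2.0/TLS host:port".
    via = next((h for h in lines[1:] if re.match(r"(?i)(via|v)\s*:", h)), "")
    found = re.search(r"SIP/2\.0/(\w+)", via, re.I)
    transport = found.group(1).upper() if found else "UNKNOWN"
    if transport != "TLS":
        findings.append(f"signalling transport is {transport}, not TLS")
    # Each SDP "m=" line names a media profile; "a=crypto" carries SDES keys.
    has_sdes_key = False
    for line in body.split("\n"):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            if proto.upper() not in SECURE_PROFILES:
                findings.append(f"{media} offered as {proto} (no SRTP)")
        elif line.startswith("a=crypto:"):
            has_sdes_key = True
    if has_sdes_key and transport != "TLS":
        findings.append("SRTP key in a=crypto exposed by non-TLS signalling")
    return findings

def build_invite(scheme, transport, profile, crypto=""):
    """Constructed, trimmed sample INVITE; hosts, addresses and key are made up."""
    return (f"INVITE {scheme}:flat12@intercom.example SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bK776\r\n"
            "CSeq: 1 INVITE\r\nContent-Type: application/sdp\r\n\r\n"
            "v=0\r\nc=IN IP4 192.0.2.10\r\n"
            f"m=audio 4000 {profile} 0\r\n{crypto}"
            f"m=video 4002 {profile} 96\r\n{crypto}")

KEY = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYPLACEHOLDER\r\n"
PLAIN = build_invite("sip", "UDP", "RTP/AVP")
LEAKY = build_invite("sip", "UDP", "RTP/SAVP", KEY)
SECURE = build_invite("sips", "TLS", "RTP/SAVP", KEY)

if __name__ == "__main__":
    print(audit_invite(PLAIN), audit_invite(LEAKY), audit_invite(SECURE), sep="\n")
```

An empty list means the signalling and both media streams were offered encrypted; any finding is a reason to look for a secure-by-default setting on the device or to question the vendor.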
Another protection method would be to create different accounts that carry different privileges. A user will only be able to make changes related to their specific tasks, while the administrator will be given greater privileges to manage the building and all linked accounts.
Software updates should be carried out regularly. 2N explains that installing the latest firmware version on devices helps mitigate cybersecurity risks. Each new release fixes bugs found in the software by implementing the latest security patches.
Passwords should be strong and complex. Try to use at least six characters consisting of a combination of numbers, letters and symbols.
Finally, 2N advises that regular security audits of the IT infrastructure should be conducted to identify and eliminate possible vulnerabilities.