Video doorbells make it easy to watch who’s coming and going, but who else might be viewing those videos? The answer: hackers and you’d likely never know it.
A new Consumer Reports investigation found troubling security flaws in some video doorbells sold by the country’s biggest retailers.
Consumer Reports’ extensive security tests revealed several video doorbells with serious security flaws that could make users vulnerable to a security breach.
They all use the same mobile app called Aiwit.
The devices CR tested are sold under the brand names Eken and Tuck.
The doorbells are also sold under many other brand names, including Fishbot, Rakeblue, Andoe, Luckwolf, and more. Retailers, including Amazon, Walmart, Sears, Shein and Temu, also sell them.
Outsiders aren’t supposed to have access to the doorbell, but security was so poor in some that Consumer Reports’ researchers could get in and watch a fellow researcher go in and out of her home from nearly 3,000 miles away.
“We were really surprised to find that anyone could walk up to one of these doorbells and take it over in a matter of seconds, and from there actually view screenshots of the doorbell potentially from thousands of miles away,” Consumer Reports’ Dan Wroclawski said.
They found that the doorbells expose the owner’s home IP address and WiFi network without encryption.
“Your home is deeply personal and private,” Wroclawski said. “If someone is able to view your doorbell camera and see when you come and go, it presents a lot of security risks. For example, an abuser or a stalker could keep tabs on a victim, and it could create a very dangerous situation.”
Experts blame the flood of cheap, insecure electronics from overseas manufacturers sold in the U.S. as a growing problem.
“Retailers do very little to vet these products, and it’s very easy to become a seller on one of these online marketplaces,” Wroclawski said.
Consumer Reports reached out to Eken and Tuck but has not received a response.
If you have a video doorbell that uses the mobile app Aiwit, Consumer Reports recommends disconnecting it from your home WiFi and removing it from your door.
CR has evaluated video doorbells with much better security from brands including Logitech, SimpliSafe and Ring.
CR has also shared its findings with the Federal Trade Commission, which has the power to remove products like these from the marketplace. The agency declined to comment.