How can I tell if my Ring doorbell has the update that protects me from the latest vulnerability?
This question was answered on November 7, 2019. Much of the information contained herein may have changed since posting.
The Ring doorbell is an extremely popular device that millions of households around the world have installed for security purposes and because it’s so popular, it’s also the constant focus of security researchers.
The Recent Vulnerability
In the most recent vulnerability, it was discovered to be possible for your Ring doorbell to broadcast the password for your Wi-Fi network in plain text (http:// instead of https://) which could technically allow anyone nearby to capture it and access your home network.
Once a malicious user has access to your home network, they can potentially access sensitive information or other devices connected to your network.
This vulnerability was only possible during the initial setup process, but researchers pointed out that fake messages to the user could trick them into thinking that they needed to reconfigure their Ring device and it’s not hard to figure out which homes have the doorbell.
While from a technical standpoint this could have been a major issue, the likelihood that anyone that had the knowledge of how to exploit this hole would bother with such a random set of variables is pretty low.
This type of vulnerability is generally referred to as ‘proof of concept’ when reported by researchers that can demonstrate it in a controlled laboratory setting that often has very little resemblance to real world scenarios.
Despite the low likelihood of it being exploited, the researchers reported the issue to Ring before publicly disclosing the issue so the company could create and distribute a patch for the hole.
Updates to hardware are generally done through ‘firmware’, which is software specifically designed to control hardware devices.
Is My Doorbell Updated?
Ring doorbells are setup to automatically install updates, so your device should already be protected, but here’s how to check for yourself:
- Open the Ring app, and select your Ring device.
- Click on ‘Device Health’ near the bottom of the app.
- Under Device Details, find Firmware.
- If your firmware is up-to-date, it will say "Up to date." - If there is a number, your firmware needs to be updated.
When Ring devices are in the process of updating, the light surrounding the button on the device will generally be flashing, so when this is happening, make sure not to press the button.
What’s Connected to My Wi-Fi?
This points out how any device you connect to your network can potentially be exploited to allow unauthorized users to access your entire network. Routinely checking to see what devices are connected to your network can be done easily with an app called Fing (https://fing.com).
Make sure you’re connected to your network, then go to the ‘Devices’ section of the app and tap the refresh icon in the upper right corner to have it scan your network. Once it’s completed, a list of devices will appear with various identifiers.
If you don’t recognize something in the list, you can do a Google search with the technical information that appears in the app or post a question in their user forum to help identify the device.
About the author
Posted by Ken Colburn of Data Doctors on November 7, 2019