- by Matt Halsey
Have a connected home? Have an internet connection? Then you too can have a conversation with Chinese website Baidu.
"Huge Vulnerability Discovered in the Ring Doorbell": this article highlights the intrinsic need for a means to secure IoT devices.
It was only a few months ago that the Mirai botnet, using home video surveillance cameras, was able to launch the largest DDoS attack in history.
Read the article.
Then you can read the comments from someone claiming to be the head of security at Ring, named Matt, here (italics added):
Hi I'm the VP of Security at Ring and I thought it might be helpful to give you all some background on what you are seeing.
Occasionally at the end of a live call or motion, we will lose connectivity. Rather than abandoning the entire call, we send the last few audio packets that are corrupted anyway to a non-routable address on a protocol no one uses. The right way to do that is to use a virtual interface or the loopback to discard the packets. The choice to send it to somewhere across the world and let the ISP deal with blocking is a poor design choice that the teams are working on addressing ASAP.
From a risk/disclosure perspective, it's relatively benign but like everyone else, when my team first saw it in the wild we had similar concerns.
I will circle back when we have updated firmware.
Ring Pro doorbell - calling China?
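An added example, not from the article or from Ring: a check over flow records that separates packets discarded on the device (the loopback approach the comment calls the right way) from packets handed to the router and the ISP. The LAN subnet, the allowlisted endpoint, the ports and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed flow records (device, destination, protocol, port); not captured traffic.
SAMPLE_FLOWS = [
    ("doorbell", "127.0.0.1", "udp", 9),         # discarded on loopback
    ("doorbell", "192.168.1.1", "udp", 53),      # stays on the LAN
    ("doorbell", "198.51.100.20", "tcp", 443),   # expected vendor endpoint (assumed)
    ("doorbell", "203.0.113.77", "udp", 40000),  # unexpected destination
    ("doorbell", "10.9.8.7", "udp", 40000),      # private, but not on this LAN
    ("doorbell", "not-an-ip", "udp", 40000),     # malformed record
]

LAN = ipaddress.ip_network("192.168.1.0/24")        # assumed home subnet
EXPECTED = {ipaddress.ip_address("198.51.100.20")}  # assumed allowlist


def classify(dst: str) -> str:
    """Return where a packet to `dst` ends up from the device's point of view."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "local-discard"   # never leaves the device
    if addr.is_link_local or addr.is_multicast or addr in LAN:
        return "lan"             # never reaches the ISP
    if addr in EXPECTED:
        return "expected"
    # Anything else goes to the default gateway, including private ranges
    # outside the local subnet: "non-routable" is decided upstream, not here.
    return "unexpected-egress"


def unexpected_egress(flows):
    """Flows that leave the home network for a destination nobody expected."""
    return [f for f in flows if classify(f[1]) == "unexpected-egress"]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify(flow[1]))
```

A private-range destination outside the local subnet is still flagged, because the device hands it to the router and relies on something upstream to drop it.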
So what to do:
1. Go to Industrial Internet Consortium and see how Dell and EMC, now Dell|EMC and Dell Technologies are helping to secure the IoT world.
2. Realize that IoT is in its infancy, if not earlier, where security is concerned, like when we used to leave Telnet, TFTP, and FTP ports open on our internet-facing servers.
3. Be ready to help our customers understand that encryption, especially our products, can help protect them when vendors of IoT devices don't finish their job in securing the devices.