Eken fixes ‘terrible’ video doorbell issue that could let someone spy on you

A institution that manufactures video doorbells recovered by Consumer Reports to incorporate superior information vulnerabilities has issued a fix, nan user defense group is reporting. Eken Group has issued a firmware update for nan affected information products nether its ain name, arsenic good arsenic those from different brands it has licensing deals with, including Fishbot, Rakeblue, Tuck, and others. All nan video doorbells usage nan Aiwit smartphone app and could beryllium purchased from celebrated online retailers for illustration Amazon, Shein, Temu, and Walmart. 

Back successful February, CR reported that it recovered vulnerabilities successful Eken-produced video doorbells that “could let a vulnerable personification to return power of nan video doorbell connected their target’s home.”

Gaining entree to nan doorbell didn’t moreover require immoderate level of hacking knowledge: bad actors could simply download nan Aiwit app, spell to their target’s home, and clasp down nan doorbell’s fastener to brace it pinch their ain smartphones, alteration their Wi-Fi network, and return power of nan device. 

Additionally, anyone pinch nan doorbell’s serial number could remotely position still images from nan video provender — no password aliases relationship required, CR security experts found. Doorbell owners didn’t person a notification of immoderate benignant if different personification accessed their video provender successful this manner.

The doorbells besides didn’t encrypt nan user’s location IP reside aliases Wi-Fi network, leaving some perchance exposed to criminals.

The doorbells that CR initially rated were sold nether nan marque names Eken and Tuck and seemed identical, down to them some requiring users to download nan Aiwit smartphone app. The group later recovered 10 different seemingly identical doorbells made by Eken but sold nether a number of different marque names. 

CR has reviewed Eken’s firmware update and says nan problem has been fixed. “While we would for illustration that products beryllium safe and unafraid from their first launch, nan expertise of our testing to uncover vulnerabilities results successful amended products for consumers,” CR’s elder head of merchandise testing, Maria Rerecich, said successful its report. 

As a consequence of CR’s reporting, nan FCC has asked Amazon, Sears, Shein, Temu, and Walmart for much details astir really they vet products sold connected their platform. None of nan 5 retailers person responded to CR’s petition for remark connected nan matter.

Eken’s video doorbells besides lacked Federal Communications Commission ID labels, which are required by law, CR found. The institution has since added nan FCC IDs to nan physics manuals for nan doorbells. 

Since CR published its February report, galore of nan Eken doorbells person been pulled from online retailers. Notably, a number of nan doorbells were selected arsenic Amazon: Overall Picks aliases pinch nan Amazon’s Choice badge, a explanation pinch mysterious criteria that Amazon has refused to explicate afloat and tin beryllium recovered connected galore dubious products.

If you ain an Eken-produced video doorbell, beryllium judge to cheque if your firmware is up to date. Your doorbell should person nan update automatically, but it’s smart to double-check. Go to nan “Devices” page connected nan Aiwit app and pat connected nan doorbell’s name, which should unfastened up nan settings. The firmware number should beryllium 2.4.1 aliases higher, which indicates it’s up to date.