Security flaws in smart doorbell cameras have been identified, enabling threat actors to remotely view footage or even take control of the devices. Researchers found that numerous doorbell cameras, sold under different brand names but controlled through the same mobile app called Aiwit, are affected by these vulnerabilities. This poses a significant risk to users, particularly those facing threats from stalkers or abusive partners, as they may unknowingly become subjects of surveillance through their own devices.
The vulnerabilities allow attackers to create accounts on the app and gain access to nearby doorbell cameras by pairing them with other devices. Notably, the flaws were discovered in doorbell cameras sold under various brand names, highlighting the widespread nature of the issue. Additionally, some of these devices lack the necessary Federal Communications Commission (FCC) ID, a mandatory requirement for their sale in the U.S., further exacerbating concerns about their security and compliance.
Online marketplaces like Walmart have taken steps to remove the flawed products from their catalogs and offer refunds to affected customers. However, despite these efforts, the devices remain available for purchase on platforms like Amazon, raising questions about the responsibility of e-commerce giants in ensuring the safety and security of the products they sell. Justin Brookman, director of technology policy for CR, emphasizes the need for platforms like Amazon to take proactive measures in vetting sellers and addressing consumer complaints to prevent unsuspecting customers from being exposed to faulty and potentially harmful products.
