Blair’s fellow test engineer, David Della Rocca, discovered several brands that share a manufacturer, and thus share several serious security risks. Blair claimed that exploiting these risks was how he gained access to Higginbotham’s home network, and that all of them were missing a legally required visible ID issued by the Federal Communications Commission. This actually means that these doorbells aren’t just unsafe, but it’s actually illegal to distribute them in the U.S.
Consumer Reports then went on to state that thousands of these products are sold every month across multiple major marketplaces, and listed several brands of video doorbells that are the most vulnerable to these kinds of attacks. The first two were called Eken and Tuck.
“The two devices stood out not just because of the security problems but also because they appeared to be identical, right down to the plain white box they came in, despite having different brand names,” Consumer Reports stated. Additional research later in the report yielded that over 10 additional smart doorbells, sold under a variety of separate brand names, were all controlled by the same “Aiwit” mobile app — developed by the aforementioned Eken.
Consumer Reports also claimed that it later tested doorbells from the brands Fishbot and Rakeblue and found the same security flaws. It is recommended that owners of these video doorbells disconnect them from their Wi-Fi immediately and replace them with a different, verifiably secure camera doorbell.
