Surprise, this $30 video doorbell has serious security issues
Anybody with the device's serial number can get time-stamped images from it.
Video doorbells manufactured by a Chinese company called Eken and sold under different brands for around $30 each come with serious security issues that put their users at risk, according to Consumer Reports. The publication found that these doorbell cameras are sold on popular marketplaces like Walmart, Sears and Amazon, which has even given some of their listings the Amazon Choice badge. They're listed under the brands Eken, Tuck, Fishbot, Rakeblue, Andoe, Gemee and Luckwolf, among others, and they're typically linked to a user's phone via the Aiwit app. Outside the US, the devices are sold on global marketplaces like Shein and Temu. We found them on Chinese website Alibaba and Southeast Asian e-commerce website Lazada, as well.
Based on Consumer Reports' investigation, these devices aren't encrypted and can expose a user's home IP address and WiFi network name to the internet, making it easy for bad actors to gain entry. Worse, somebody with physical access to the doorbell could easily take control of it by creating an account on the Aiwit app and then pressing down on its button to put it into pairing mode, which then connects it with their phone. And, even if the original owner regains control, the hijacker can still get time-stamped images from the doorbell as long as they know its serial number. If they choose "to share that serial number with other individuals, or even post it online, all those people will be able to monitor the images, too," Consumer Reports explains.
Based on the ratings these doorbells' listings got on Amazon, the platform has sold thousands to people who were probably expecting the devices to be able to provide some form of security for their homes. Instead, the devices pose a threat to their safety and privacy. The doorbells could even put people's well-being and lives at risk if, say, they have stalkers or are domestic violence victims with dangerous exes who want to follow their every move.
People who own one of these video doorbells can protect themselves by disconnecting it from their WiFi and physically removing it from their homes. Consumer Reports said it notified the online marketplaces selling them about its findings in hopes that their listings would get pulled down. Temu told the publication that it's looking into the issue, but Amazon, Sears and Shein reportedly didn't even respond.