For more than a decade, Bitdefender has extensively researched vulnerabilities that affect intelligent devices and released reports to help customers understand risks in the connected home and drive security awareness in the vendor space.
This article, part of a series developed in partnership with Tom’s Guide, aims to shed light on the security of the world’s best-sellers in IoT. Tom’s Guide contacted the research team at Bitdefender and asked us to look at several popular devices, including the Maximus Answer DualCam Video Doorbell. More information is available in this article published on our partner’s website.
Bitdefender’s researchers scrutinized the Maximus Answer DualCam Video Doorbell and found that it’s actually pretty secure. And that’s something that we can rarely say about the devices we investigate.
Video doorbells capture a lot of valuable and sometimes private data, so it’s easy to see why it would be a prime target for attackers. Bitdefender looked at other similar devices, including a version of Amazon’s Ring doorbell, and the picture wasn’t pretty.
One of the problems with modern IoT devices is that companies rush them out the factory door, security be damned. Manufacturers flood the market with poor-security IoT devices, and people are all too happy to buy them with little to no regard for their privacy.
Everything but the kitchen sink
The Maximus Answer DualCam Video Doorbell is a two-camera IoT device with night vision capabilities and a 180-degree view, letting users monitor both the people who come to the door and any packages they leave.
Assume you’re a hacker aiming to compromise this camera. You will have a tough time. First of all, most of the communication takes place through OpenVPN, which is secure against tampering and eavesdropping.
But while you’re tampering with the device, you notice that the server certificate is not verified. In theory, an attacker could impersonate the server, but that’s not possible without the ta.key file (to authenticate TLS connections) and some way to convince the camera to connect to another server.
Since the camera doesn’t verify the server certificate, an attacker could, technically, intercept the logs through a man-in-the-middle attack. But since the logs contain no sensitive information, it would be almost pointless.
Fine, you’ll force the camera to check for a firmware update and serve a tainted firmware through a man-in-the-middle attack. Unfortunately, the firmware is signed, and the camera would discard the new firmware due to a signature mismatch.
The next move is to check for open ports, but that’s also a no-go. The manufacturers took the time to implement iptables rules properly.
Maybe compromising the Bluetooth connection with the Kuna app is the way to go, but the communication is secure. It turns out that the Bluetooth connection can be established at any time to change the Wi-Fi network, but only the camera owner can initiate it.
That leaves direct hardware access as the last point of entry. You quickly notice that UART serial connection is exposed, and you can stop the boot process by shorting the TX and RX pins. The bootloader will ask for a password, which is unknown, putting a stop to your efforts.
This is just a small part of Bitdefender’s investigation into this doorbell, in partnership with Tom’s Guide, which aims to shed light on the security of the world’s best-sellers in the IoT space. You can check out the full investigation to see the entire process.
We don’t often encounter devices that can stand up to such scrutiny, but the investigation provides insight into what hackers would have to go through when they try to make our digital world less secure.