Installing a smart doorbell on your abode could actually increase your home's attractiveness to burglars, researchers from Britain's Cranfield University have said.
The defence 'n' security-focused institution's findings fly in the face of heavy marketing from companies such as Amazon's Ring, whose video-enabled doorbell product has been touted around the world as a security-enhancing gadget.
It's an 'affluence' clue...
Worse, for vendors, Cranfield University's Dr Duncan Hodges reckoned the presence of a smart doorbell was "unlikely" to have "any significant effect on residential burglary" rates. Instead, he said in a summary of a research paper published on the Centre for Research and Evidence on Security Threats' website, smart doorbells and smart locks could actually make things worse.
"These are devices that are particularly noticeable due to their deployment on the exterior of properties and can thus increase the salience of affluence cues – experienced burglars use these cues to identify properties with potentially more high-value items, during the target selection phase," he wrote.
Smart locks have long been a plaything for security consultants who enjoy contrasting vendors' claims about the tech-enabled gadgets with their actual efficacy. Back in 2016, before Amazon bought out Ring, we reported how the device leaked home Wi-Fi credentials and was vulnerable to a physical denial-of-service attack (you could remove it from the door by unscrewing two Torx screws).
Ring, Ring, why don't you give me a call? Amazon-owned doorbells aren’t answering after large-scale outageREAD MORE
Relying on internet-connected gadgets to secure one's home or to remotely view footage of folk knocking at the door leads to other failure modes not experienced with a physical lock and key; to wit, service provider outages KO'ing your smart security gadget.
Worryingly, the use of smart home security gadgets could, or so Cranfield said, lead to "an increase in group-performed planned burglary" with smart crooks exploiting "unintended information leakage in the cyber domain" to gain access to unsuspecting businesses' premises. Mildly reassuringly, this trend is "rare in residential settings at the moment."
A product called the KeyWe smart lock, which combined a traditional metal key with smartphone-based authentication, was rendered useless in late 2019 after Finnish infosec firm F-Secure looked closely at it.
The smartphone key could be sniffed in transit by a $10 Bluetooth Low Energy device, letting anyone overcome the device's technological unique selling point. Similarly, a startup called Tapplock produced a lock whose body consisted of cast zamak (a notoriously low-grade zinc-aluminium alloy normally used for door handles) and whose API merely checked for a valid token from any registered user before opening the lock, and not the unique valid token that the lock's purchaser might reasonably expect it to.
Cranfield's Dr Hodges told The Register: "If you are interested in securing your home, the best way is to take the £90 you would spend on a [smart] doorbell and upgrade the locks at your property's rear and install window locks.
"It's not cool or trendy, but it'll make a real difference. As with everything in security, it's no good securing the property's front but having the rear of the property being vulnerable." ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks