"These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway." 29 February 2024

...David Della Rocca had found serious security flaws in this doorbell, along with others sold under different brands but apparently made by the same manufacturer. The doorbells also lack a visible ID issued by the Federal Communications Commission (FCC) that’s required by the agency’s regulations, making them illegal to distribute in the U.S.

Thousands of these video doorbells are sold each month on Amazon and other online marketplaces, including Walmart, Sears, and the globally popular marketplaces Shein and Temu. Experts say they’re just a drop in the flood of cheap, insecure electronics from Chinese manufacturers being sold in the U.S... 

..."Big e-commerce platforms like Amazon need to take more responsibility for the harms generated by the products they sell,” says Justin Brookman, director of technology policy for CR. “There is more they could be doing to vet sellers and respond to complaints. Instead, it seems like they’re coasting on their reputation and saddling unknowing consumers with broken products."...

...[Steve] Blair and Della Rocca [CR privacy and security test engineers] discovered the problems while evaluating a number of video doorbells for our regular ratings program. They were sold under two brand names, Eken and Tuck.

The two devices stood out not just because of the security problems but also because they appeared to be identical, right down to the plain white box they came in, despite having different brand names. Online searches quickly revealed at least 10 more seemingly identical video doorbells being sold under a range of brand names, all controlled through the same mobile app, called Aiwit, which is owned by Eken...

...CR tried to reach company officials at Eken and Tuck, to warn them of the problems, hoping to have the issues fixed before reporting on them publicly. We have not received responses...these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. Security experts worry there could be more problems, including poor security on the company servers where videos are being stored...Let’s imagine that an abusive ex-boyfriend wants to watch the comings and goings of his former partner and her children. He’d simply need to create an account on the Aiwit smartphone app, then go to his target’s home and hold down the doorbell button to put it into pairing mode. He could then connect the doorbell to a WiFi hotspot and take control of the device...

...In addition to contacting Eken and Tuck, Consumer Reports also told Amazon, Walmart, Sears, Shein, and Temu what we’d found.

Temu said in an emailed statement that it was reviewing CR’s findings and had removed from its website all video doorbells using the Aiwit app and made by Eken—but similar-looking if not identical doorbells remained on the site. Walmart told CR via email that it expects the products sold in its marketplace “to be safe, reliable and compliant with our standards and all legal requirements. Items that are identified to not meet these standards or requirements will be promptly removed from the website and remain blocked.”

Amazon, Sears, and Shein didn’t respond to questions from CR’s journalists.

As of the end of February 2024, most of the products we found online were still available for sale on those retailers’ websites....

...Eken didn’t respond to CR’s questions about its video doorbells...