Is your IoT doorbell calling China?

The discovery that a web-connected doorbell is connecting to a Chinese IP address for unknown purposes raises further questions about the future of the Internet of Things (IoT).

The world around us is changing. Everything is becoming smart and everything is becoming connected. Conservative estimates say that by the year 2020 we will have an Internet of Things with an install base of roughly 30.7 billion gadgets. It offers a convenience that we are adapting our everyday lives around without considering the consequences of living in such a connected world. The consequences of such a world came to fruition in an attack on DynDNS last year where an IoT virus had infected millions of gadgets which were then used to DDOS attack DynDNS, the backbone of a large portion of the Internet as we know it.

I fear that is only the beginning unless things start to change and once again we’ve seen another level of concern as the Ring Doorbell has be discovered to be sending data to Chinese servers.  Now, we don’t know who is behind the servers but an analysis has led to establish the servers being owned by Chinese company Baidu. Who is ultimately behind the servers and the compromised data is unkown but the point is the same; companies and products need to prioritize customers security and data privacy as we become an increasingly connected society.

Now Ring claims to care about security and attempting to place the blame directly on the manufacturer of the firmware of the device but as Jonas C. the founder of tech and gaming site ArmChair Empire, points out:

“Why give Ring so much slack here? I’d argue that by not creating their own firmware, or at least not having the source to the provided firmware so they can modify/fix it as necessary, they are most definitely not taking their own security or the security of their users seriously.”

This is the problem. If a customer facing company can’t be bothered to ensure third-party software and products that they use aren’t secure then they really do not care about the consumer at all.  I will give Ring a little credit as they did attempt to appease the masses on Reddit, but their reply to the situation just got shredded by tech savvy users who are rightfully upset by the security vulnerability.

Do we need our fridge to order milk for us? Do we need to control our lights with our phones? Do we need a doorbell camera that is providing live feeds to foreign companies? No, no and certainly not but if we are going to enjoy the fruits of our development we, as a collective need to be more in tune to what we are opening ourselves up to and more proactive in protecting us from our own evolution.

I would be all for a commission or certification for these products to go through in order to verify that they are indeed secure and that we consumers aren’t sacrificing our security and privacy for a little convenience. In the end, what we really need is for companies to take security as seriously as we all want them to because as the world gets more connected it also gets more vulnerable.

Photograph by Little Visuals

Share This