Anyone on the Internet Can Ring Your Doorbell
Summary
The article presents a detailed security disclosure of a low-cost smart doorbell platform, uncovering unencrypted control traffic, hardcoded and non-rotating credentials, and a weak signing scheme that enables fleet-wide takeover and impersonation. It documents hardware and backend weaknesses and attacker capabilities, walks through a phased analysis from wire traffic to onboarded firmware, and ends with actionable remediation suggestions for IoT security and SMB IT practices.