Smart doorbells are increasingly popular IoT devices designed to enhance home security; however, they may introduce significant vulnerabilities. Over the years, the market for video doorbells has increased drastically, further forecasted to expand even more; however, the vulnerability targeted in this study has not yet been discovered or addressed. Current video doorbell devices are designed in such a way as to support video recording either to the cloud ecosystem or to a local memory device, such as an SD card. This study identifies a critical physical attack vector based on the slot dedicated to local data storage, which allows an adversary to gain root access by inserting a malicious SD card into the device. Through hands-on reverse engineering and firmware extraction using tools such as a BIOS USB programmer and Linux-based analysis environments, multiple video doorbell models were examined to uncover security flaws in the mounting and execution of external storage devices. Some devices were found to execute scripts on SD cards with elevated privileges automatically and without any kind of authentication. This vulnerability permits attackers to flash firmware, view live video streams, and utilize the doorbell's Wi-Fi connection to influence other devices connected to the same network. Modern doorbells are mounted on a dedicated fastening that is secured with only a few screws, and removing it gives an attacker access to all the device input slots. Because of their typical outdoor placement, these doorbells are easily accessible, making the attack feasible with minimal exposure. Our findings demonstrate a dangerously overlooked threat within smart home ecosystems and underscore the urgent need for secure firmware design, authenticated external device handling, and improved physical safeguards in IoT hardware.
Video-doorbell, IoT devices, vulnerability, exposure, physical attack
© IACyC is conducted under the administration of the CyberMACS Erasmus-Mundus Masters Programme. cybermacs.org