Anyone on the Internet Can Ring Your Doorbell

You can enumerate them against the API.

I think the distinction is: physical access helps bootstrap the research, but the resulting key/signing logic is not device-specific

I think that eeally depends on regions. Where I am located, nobody will ever knock and everybody uses the door bell.

An attack that could remotely ring my old-fashioned hard-wired doorbell would be really cool to read about. It's the classic electromechanical style with an AC line transformer wired directly between the chime & the button.

So many of them are hosting some sort of server they /have/ to talk back to. Wouldn't be so bad if they just acted entirely self contained...

So the question is, what is the vendors benefit from running these servers.

I think they’re more secure by the virtue of being niche. Nobody will build an exploit chain to sniff for and target these devices.

add in a "ghost"

You should probably get a cheap IoT camera to keep an eye on that printer!

I have a poe reolink camera doorbell that I am yet to install...

Your printer doesn't make weird noises?

I would love if my printer was more dumb. It's cheaper to buy an AIO than a separate document (with duplex) and flatbed scanner.

The Battlestar Galactica rule. I find comfort in it as well.

Picturing the scene from Where The Buffalo Roam.

... but I think that was a fax machine.

Funny thing, that. They actually have Activation Lock (of sorts).

I regret it now but a few years back someone had moved into a home, dumped their Ring doorbell that came with the house, and we shoved it on our house. When we went to set it up Ring blocked the setup attempt because it was account bound.

... Apparently if you call Ring to release it (they can), frontline CS can see the entire log of when the doorbell was online, when it was last rung, and used that information to go "oh, it hasn't been rang in like eight months" to decide that I wasn't some criminal and that I can set up the doorbell myself.

While true in general, this devices approach to security is an open doorway with a curtain in it to prevent access with they key hanging next to it in case there accidentally is a door. The security footprint is so low it should be called out as non existent.

noticed how spam has that utility for many elderly (which further incentivizes the abuse)

Or an even worse idea: What if ads started ringing your doorbell suddenly?

I'd like my doorbell camera to have a cat detector and a meow detector so when my cats meow at the door, it rings the doorbell. My cats have gps collars and distinctive fur and meows, so it could double check so other cats can't spam me. That way each cat could have its own distinctive ring (like their distinctive meow, amplified).

I find it completely unreadable and give up within a paragraph or 2 every single time.

I say that as someone who uses LLMs daily too, and isn't a hater of them. Nothing wrong with using an LLM to help come up with content wording or to proof-read your writing etc etc, but just copy-pasting LLM output directly into a blog is lazy and instantly signals that it's not worth my time to read it.

Yes, I stopped reading here:

> $12 on the front. Whole-network compromise on the back.

Too bad since the topic on its own seems very interesting.

Mine is not only hardwired, but I mounted it kinda wrong and you need to press the dead center for it to ring :)

It's the only way doorbells (and almost all other appliances) should be.

Your doorbell has an excellent threat model

Mine too. Not only that, the breaker for the transformer is switched off because the postman used to come right as my then-2-year-old was going for his nap. He's nearly 6 now and has not had an afternoon nap for a long time, and at some point I'll flip the breaker back on when I'm getting my jacket out of the hall cupboard.

But I didn't do that yesterday, I don't think I'll do it today, and it's not looking good for tomorrow either.

I could train a crow to fly over and peck it.

Electromagnetic triggers. Find the right frequency and resonate it.

Since i like tech, once i was also interested in a smart doorbell or lock. My wife very much disliked the idea, because she thought it could prevent us to even enter our own house when the tech fails.

Then one day i watched my neighbour trying to get into his own house, because his smart lock and doorbell system failed horribly. This took several hours. It started raining. I learned a lot of new swear words from my neighbours wife which were directed to her husband.

Once again, my wife was totally right :)

Airtasker. Boom.

This is a security concern as well. I'd argue even worse than the internet connected ones. Anyone at your front door (or where the button is) can easily know if you're at home, and take advantage if you're not. With the internet connected ones, you can always pretend.