Amazon, Walmart, others are selling video doorbells that can be hacked, report finds

The devices are also sold by Walmart, Sears, and other retailers—and big platforms have faced few consequences for shipping flawed products.

Video doorbells sold by Amazon, Walmart, Sears and several online retailers can allow hackers to find user’s home IP addresses and WiFi network names, potentially allowing access to a user’s home network, a report from Consumer Reports says.

>> Read more trending news

Issues were found with a dozen video doorbells sold under brand names including Eken and Tuck, according to CR. All are made by the Eken Group, based in Shenzhen, China, and controlled through a mobile app called Aiwit, which Eken operates, CR said.

Eken and Tuck are not well-known brands in the video doorbell market, yet they are relatively strong sellers online, according to CR.

The doorbells appeared in multiple listings on Amazon, with more than 4,200 sold in January alone.

“These video doorbells from little-known manufacturers have serious security and privacy vulnerabilities, and now they’ve found their way onto major digital marketplaces such as Amazon and Walmart,” said Justin Brookman, director of tech policy at Consumer Reports.

“Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm’s way.”

Some issues CR reports the video doorbells have include:

  • Exposure of a user’s home IP addresses and WiFi network names to the internet without encryption, potentially opening a user’s home network to malicious activity.
  • Ability of potential bad actors to take over the device by downloading the Aiwit smartphone app and entering the doorbell into pairing mode, allowing them to take ownership of the device, view camera footage and lock out the owner of the device.
  • Remote access to still images from the video feed and other information without authentication, by acquiring the serial number of the doorbell.

In an emailed statement to CBS News, one online seller, Temu, said that it prioritizes consumer safety and privacy and has suspended sales of the identified doorbell camera models from Tuck and Eken.

“We require all sellers on our platform to fully comply with the laws and regulations of the markets in which they sell, including providing necessary product documentation. We regularly conduct spot checks at our affiliated warehouses to enforce this policy,” the company stated.

Walmart has also removed the video doorbells from its site.

“Like other major online retailers, we operate an online marketplace that allows third-party sellers to offer merchandise to customers through our eCommerce platform. We expect these items to be safe, reliable and compliant with our standards and all legal requirements. Items that are identified to not meet these standards or requirements will be promptly removed from the website and remain blocked,” Walmart officials said in a statement.

Eken Group, Amazon, Sears and Shein didn’t comment in response to outreach from The Washington Post concerning the doorbells. On Wednesday night, the doorbells appeared to still be available on Amazon.