Economic Fraud
Are Your Doorbells Spying on You? US Regulator Fines Doorbell Company Rs 6 Crore for Sending Private Photos to Cybercriminals
The US Federal Communications Commission (FCC) has proposed a $734,872 fine against Hong Kong-based smart doorbell manufacturer Eken for failing to address critical security vulnerabilities in its products, which could endanger homeowners. The FCC’s investigation revealed that Eken’s doorbells contained unpatched flaws, allowing potential remote hijacking of cameras, unauthorized access to live views, and capture of sensitive information like IP addresses and WiFi network details.
The vulnerabilities were uncovered during an FCC audit aimed at identifying potential risks in devices sold by Chinese manufacturers. The audit forms part of a broader effort to scrutinize appliance vendors for security gaps that could facilitate remote spying by threat actors. Investigators accused Eken of neglecting its responsibility to secure its devices, leaving consumers at risk.
To complicate matters, Eken has reportedly ceased its US operations. The company’s US agent, GSS Service Inc., based in Colorado Springs, has been unresponsive to FCC inquiries, and its registered address was found inactive since 2019. This lack of cooperation hindered the investigation and prompted the FCC to issue the fine.
The proposed penalty has drawn attention from security advocates, including Consumer Reports’ director of tech policy, Justin Brookman. He emphasized the importance of holding manufacturers accountable for lapses in device security. “CR’s investigation uncovered serious security and privacy vulnerabilities in these devices sold on platforms like Amazon and Walmart,” Brookman said. He welcomed the FCC’s action but called for stricter enforcement to ensure that online marketplaces are also held responsible for selling unsafe products.
The FCC requires all wireless devices sold in the US to undergo interference testing and obtain equipment authorization. The agency’s action against Eken serves as a warning to manufacturers about the consequences of negligence in securing connected devices. However, experts argue that more robust oversight is necessary to protect consumers effectively.