Widely available video doorbells could grant strangers easy access, report claims

If you recently installed a smart doorbell from one of the internet’s most common online retailers, package thieves could be the least of your problems.

According to a report released Thursday by Consumer Reports, the popular Eken and Tuck video doorbells—sold by Amazon, Walmart, and other retailers for about $30—could provide backdoor access into users’ at-home networks.

“They’re pretty cheap, which is why some people might have gone for them. But as we’ve seen with a lot of IoT products, when they’re super cheap, sometimes, they cut some corners,” CR’s director of tech policy, Justin Brookman, told us.

The security issue first came to CR’s attention while its researchers performed routine product assessments, leading to the discovery that the Eken and Tuck models “appeared to be the same product under different brand names.”

Overall, CR found roughly a dozen “seemingly identical” video doorbells under different names being sold across retail sites including Temu, Sears, and Shein, all manufactured by Shenzhen, China-based Eken Group Ltd. CR also found that they all pair with the same mobile app, the Eken-owned Aiwit, through which users control the devices.

Major red flag? The most notable security vulnerability CR discovered? Any person standing near the doorbell could “pair” their phone with it and take control of the device, Brookman said. Even after the device owner regains control, the stranger could continue to access images from the camera, Bookman said. This leaves the devices ripe for exploitation by bad actors.

“​The model I’m thinking of is an abusive ex-partner, right, who wants to track the house and see who’s coming and who’s going, or see when someone’s there and when someone’s not—and ideally doing it without the person or the victim knowing. That’s the scenario that I think is most concerning,” he told us.

Next steps: Bookman suggested that consumers who are using these doorbells “may still be able to get a refund,” adding that he “would try to find a way to return it.” When informed about CR’s findings, Temu and Walmart said they were reviewing the products, while Amazon, Sears, and Shein did not respond. Temu told CR that it had removed all Eken-made video doorbells from its website. However, CR found that “most of the products we found online were still available for sale on those retailers’ websites” as of the end of February.