Security flaw in Amazon’s Ring doorbells exposed
By Katie Saatchi and David Quinn, BBC Rip Off Britain
Video doorbells aimed at increasing home security are vulnerable to being hacked by a simple electronic device disguised as a digital watch, an exclusive investigation by BBC Rip Off Britain has revealed.
Doorbells such as Ring – a brand owned by Amazon – use Wi-Fi to capture video footage and can either record continuously or be triggered by movement nearby, such as a courier dropping off a parcel.
But Rip Off Britain’s investigation found that a device available on online platforms including Amazon can disable the doorbell’s internet connection, meaning the user receives no notification and no footage is captured.
The programme demonstrated a £30 ‘de-auther’ device bought from Amazon being used to disable a Ring doorbell camera at two properties, bypassing Wi-Fi security passwords in both cases.
Experts say the findings undermine the security credentials of Ring doorbells and any similar devices that connect to home Wi-Fi.
Watch Rip Off Britain’s report on BBC iPlayer
Stolen laptop
The team began its investigation after a viewer wrote in to seek help over the mysterious disappearance of a parcel he’d left on his doorstep to be collected by a courier.
Peter Murthwaite from Cambridgeshire said he left his house for 15 minutes and received no notifications from his Ring doorbell, but the parcel – containing a laptop – was no longer there when he got back. It turned out to have been stolen.
When Peter checked the recordings from his video doorbell, he found there was no footage available to view between him leaving and returning home again.
He said: “The doorbell video showed me leaving the house, placing the parcel behind the plant pot, walking away. And then the next video was me approaching the house and I could see that the parcel had gone.”
Researchers on the programme enlisted the help of technology expert David McClelland, who confirmed that a ‘de-auther’ or ‘signal jammer’ device purchased for £30 from Amazon was able to disable the recording and notifications from his own Ring doorbell, and Peter’s.
Amazon said there was no evidence to suggest that a Wi-Fi signal blocker was used in the case highlighted to it by the programme.
Parcel thefts on the rise
Rip Off Britain’s investigation comes as a survey by technology company Quadient shows more than 3.5 million homes had at least one parcel stolen in the last year – an increase of more than half a million. Based on FOI requests to UK police forces, it estimated £370 million worth of parcels were stolen from doorsteps during the period.
Thefts involving signal jammers appear to be an emerging threat to luxury car owners. In September 2024, a burglar from Greater Manchester was jailed after using a device to block a doorbell camera before breaking in and stealing the keys to a BMW.
De-auther devices claim to be able to suspend all Wi-Fi activity using what’s known as a ‘denial of service attack’.
This allows the user to block the internet connection of any vulnerable device within range, which can include video doorbells.
They’re sometimes sold under the guise of enabling the owner to test out the security of their own wireless devices.
Manufacturers ‘burying their heads in the sand’
In the programme’s demonstration, Peter’s doorbell camera was successfully blocked, with no passwords or security information required, and a crew member able to approach the front door undetected.
While the demonstration does not prove that this was how Peter’s parcel was stolen, David believes it raises serious security concerns for users of any video doorbell.
He said: “I was surprised on a number of fronts. First of all, how a cheap, easily available and pretty innocuous looking device has the power to attack and disable home security video doorbells that countless people have bought with the expectation and the promise of providing them with security.
“And while the manufacturers do seem to be burying their heads in the sand, they’re leaving customers open to a security vulnerability on the very devices that they're hoping and expecting will be securing their homes.”
Peter told the programme: “The manufacturers, the providers, they need to remove these vulnerabilities, remove these gaps that enable criminals to access our systems and enable us to protect ourselves better.”
Amazon removed some of the products from sale by third parties on its platform after Rip Off Britain got in touch, but has allowed other listings to remain live, saying the devices can have legitimate uses.
It said: “There is no evidence to suggest a Wi-Fi signal jammer was used when this customer’s laptop went missing. However, Wi-Fi signal interference can affect the performance of any Wi-Fi enabled device. Issues with connectivity can be linked to a number of causes including broadband network failures and high internet traffic, so we encourage customers to reach out to Customer Support if they are experiencing problems.”
‘Consumer burden’
The vulnerability may not be widely known by Ring doorbell owners, but Amazon is believed to have been aware of it since at least December 2022, when it was informed by tech non-profit the Mozilla Foundation, which had conducted its own research.
When Amazon did not respond to calls to address the issue, Mozilla made the security weakness public in June 2023.
Jen Caltrider from the Mozilla Foundation told the programme: “Selling the device that compromises the other device that your company makes and sells is kind of the height of a bad look.
“The companies who build and sell this consumer technology have a huge responsibility to make that tech safe, secure and private and not put the responsibility or the burden on consumers to protect themselves. And companies need to do better. They should be required to do better because consumers just shouldn't have to bear that burden.”
‘Prohibited’ items
As well as Amazon, Rip Off Britain’s investigation found de-auther devices were available for sale by third-party sellers on eBay and AliExpress.
Regarding the product listings, Amazon said: “Third party sellers are independent businesses and are required to follow all applicable laws, regulations, and Amazon policies when listing items for sale in our store.
“We have proactive measures in place to prevent prohibited products from being listed and we continuously monitor our store for products which do not comply.
“Products which refer to potentially illegitimate uses are also prohibited, and sellers who do not comply with our policies are subject to action, which can include the removal of their account.”
eBay said: “These items are prohibited on eBay, so we immediately removed the listings reported to us by the BBC, and other listings offering these items, from our site. We have also updated our block filter algorithms to help prevent future listings. eBay regularly monitors the marketplace using multiple layers of technology and professionally trained eBay investigators, supported by AI, to identify and remove any prohibited listings.”
AliExpress said: “As an online marketplace, AliExpress is committed to maintaining a responsible and compliant trading environment, and third-party sellers who list items for sale on our marketplace must comply with the applicable laws as well as with our platform rules and policies.
“We thank the BBC for sharing the product listings which we investigated and found to be in violation of our platform policies. They have been removed from our marketplace and action has been taken against the sellers involved.
“AliExpress has enhanced control mechanisms on ‘signal jammers’ and associated products, including conducting proactive scanning of the platform. These steps align with our policies on prohibited items and our overarching goal to maintain a safe and compliant platform. AliExpress remains dedicated to upholding compliance in our operations.”