CR Finds Vulnerabilities in 3 Brands of Video Doorbells, Cameras

of 13 devices, CR said Thursday. Devices with security issues were the Bosma Sentry video doorbell and X1 security camera, Eufy’s Video Doorbell 2K and the Nooie Cam doorbell. Other brands in the evaluation were from Arlo, Blink Logitech, Ring and Wyze. Consumers Reports didn’t disclose full findings “since revealing the vulnerabilities would put consumers who own the affected cameras at risk of being hacked,” said Glen Rockford, CR program manager-product testing and privacy. It will report again “when we’ve verified that fixes are in place.” Bosma and Eufy devices received “Fair” ratings for data security. The brands “don’t claim to conduct internal security audits, nor do they have vulnerability disclosure programs, where hackers and researchers are encouraged to disclose security flaws to the company, sometimes in exchange for a fee,” said CR. It posted responses from the affected companies. Bosma takes a “very serious approach to the safety and security of our products and our user’s privacy” and will release firmware and app updates to fix the vulnerabilities by the end of next month, it said. Eufy was aware of the issue and said software updates will roll out "soon.” Updates to the Eufy Security app for iOS and Android will also be released soon, the company told CR, which said consumers should keep checking Apple’s and Google’s app stores for updates to fix the vulnerabilities. A Nooie spokesperson acknowledged the vulnerabilities CR found and said the issues will be fixed soon. Nooie said it already patched one high-risk vulnerability via a firmware update, which CR confirmed, but other lower-risk vulnerabilities remain, it said. CR said users should keep checking the Nooie Cam app for firmware updates to resolve the issues.