Government Regulations

Bevy of smart doorbell bugs earn Ekon an FCC penalty for negligence

Share
Hands holding a smartphone displaying the interface and video feed of a doorbell camera. the smart device showcases real-time surveillance footage, emphasizing modern home security solutions. essential technology for monitoring and ensuring safety at home.

The US Federal Communications Commission (FCC) proposed a $734,872 penalty against a smart doorbell manufacturer that was anything but.

According to a decision from the US communications watchdog, Hong Kong based doorbell vendor Eken failed to disclose a number of security vulnerabilities that placed homeowners in danger.

Investigators found that the hardware used for Eken smart doorbells contained a number of security vulnerabilities that were not properly patched. These include flaws that would have potentially allowed threat actors to remotely hijack the cameras and capture images or control camera views.

The audit is part of a larger effort by the FCC to investigate Chinese appliance vendors for possible access vulnerabilities that would allow threat actors to remotely spy on residents. This includes covert access to camera images, IP addresses, and WiFi network details.

In short, the vendors were accused of neglecting vulnerabilities that could allow for remote takeover of the targeted device. What is worse, the company in this case seems to have gone on the lam and given up its US operation.

“Any wireless device sold in the United States has to go through wireless interference testing and get an equipment authorization from the FCC before being sold. International companies applying for a U.S. equipment authorization must establish a US agent,” the FCC said in announcing the penalty.

“In the case of Eken, the agent, GSS Service Inc., based in Colorado Springs, CO, hasn’t responded to the agency’s inquiries, and the FCC’s investigators discovered that the agent’s address was a mailbox that had been inactive since 2019.”

Should the FCC be able to actually collect its fine against Eken for failing to properly secure its devices, the agency can look forward to a favorable response from the security industry. Consumer Reports director of tech policy Justin Brookman said that his company looks forward to seeing offending companies held accountable for their lapses in security.

“CR’s investigation uncovered serious security and privacy vulnerabilities with these devices that were being sold on major digital marketplaces such as Amazon and Walmart,” said Brookman.

“This proposed fine by the FCC is a step in the right direction to hold manufacturers accountable, but more needs to be done to ensure platforms are also held responsible for not selling products that put consumers at risk.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.

Related

Senate panel OKs several cybersecurity bills

Numerous cybersecurity-related measures have been advanced by the Senate Homeland Security and Governmental Affairs Committee, led by the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, which would mandate the adoption of National Institute of Standards and Technology guidance-adherent vulnerability disclosure policies among federal contractors.

Related Terms

Business Impact Analysis (BIA)British Standard 7799Chain of CustodyCompetitive IntelligenceData CustodianDue CareDue Diligence

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.