Doorbells and IoT Security Certification: Retailers Need to Step Up – ReFirm Labs

Last July we announced our IoT Cybersecurity Education Program, providing free access to Binwalk Enterprise to help students learn about connected device cybersecurity. One of the early adopters has been Dr. TJ O’Connor, Assistant Professor at Florida Tech who used Binwalk Enterprise in his curriculum for the past two semesters.

Students Find Backdoors in Doorbells and Cameras

Today we published a guest blog by Dr. O’Connor and Daniel Campos, graduate student, outlining some of their research findings – and it is eye-opening, underscoring the insecurity of consumer devices.

While the blog is technical, they demonstrate dangerous backdoors in popular consumer doorbells and security cameras made by Merkury/Geeni that they purchased (and are still available) from top trusted retailers in the US such as Walmart, Amazon, Home Depot, Best Buy and more. The vulnerabilities include:

Violating Consumer Privacy… or worse

Backdoors like these will be used to completely violate consumers’ privacy by criminals, and put citizens’ security at risk when used by nation state hackers.

These aren’t the first doorbells and cameras to have horrible security – our friends at NCC Group recently published similar findings for other manufacturers whose products are sold by common retailers.

IoT Needs Cybersecurity Certification Labels

Just as you expect products you buy from name brand stores won’t catch on fire and burn down your house, consumers should demand that those same products won’t spy on them.

There are many emerging regulations pushing for IoT cybersecurity labeling to give consumers confidence in the products they buy. For instance UL 2900, ioXt Alliance, and the Singapore Cybersecurity Labelling Scheme to name a few. Labels allow consumers to make good purchasing decisions when it comes to cybersecurity, and force vendors to adopt secure development practices.

Retailers Need to Step Up

Labels also can be used by retailers to stop selling products that are insecure. Most retailers seem to be waiting for laws to be passed before stepping up to protect their customers.

They shouldn’t wait.

Retailers have an obligation to be proactive in pushing for proper cybersecurity in the IoT devices they sell. Think of it not only as doing something good for their customers, but as a differentiating factor in their retail strategy. Most people would prefer to shop at a place they know is looking out for their safety and best interests.

Retailers have policies to prevent selling products that burn down your house or make you sick – how about not selling horribly insecure IoT devices that turn your house into a hacker’s playground?

This content was originally published here.


0 out of 5 stars(0 ratings)

Get Updated Everyday!

Join AMH for the latest news in Smart Home Automation and more!

We promise we’ll never spam! Take a look at our Privacy Policy for more info.

Recent Comments


    Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email…

    Read more

    IoT and smart homes continue to be part of the conversation for 2021. With security, safety and financial prudence on…

    Read more

    In this guide we explain some step by step guide which is used to connect ring doorbell with the Amazon echo show.…

    Read more

    Share Great Content for Our Resource Section.

    About provides the latest news, information and product reviews in the world of Smart Homes and IoT. Our team carefully researches and reviews stories from around the web to provide you the best. Our community welcomes everyone to submit ideas.

    Submit ideas to:


    Subscribe to AMH Daily Updates

    Get the best news, expert tips and product reviews everyday!