Four New Video Doorbells and Home Security Cameras Are Vulnerable to Hacking
Consumer Reports’ tests of 13 devices reveal which ones have problems and which are best at protecting your personal information
Consumer Reports discovered 11 security vulnerabilities in four new video doorbells and home security cameras—potentially exposing their owners to hacking and leaks of personal data, including email addresses and WiFi passwords.
The concerns were discovered during a CR evaluation of 13 devices, including models from popular brands like Arlo, Blink, Logitech, Ring, and Wyze.
The video doorbells and home security cameras where CR uncovered vulnerabilities are:
Consumer Reports shared its findings with the manufacturers, and their responses are below. All said they would address the issues identified.
“We appreciate the companies’ responsiveness to CR’s findings and understand that they are in the process of addressing the concerns we found,” says Glen Rockford, CR’s program manager for product testing and privacy. “Since revealing the vulnerabilities would put consumers who own the affected cameras at risk of being hacked, we will not be disclosing the full findings at this time, and will report back to consumers when we’ve verified that fixes are in place.”
As vulnerabilities are fixed and verified by CR, we will update the products’ scores in our ratings.
In our tests for data privacy, none of the models earned a rating of Excellent or even Very Good across the board. Companies tend to do a better job of keeping customers’ personal data secure from hackers—many receive Excellent or Very Good ratings for data security—than they do of preventing themselves from collecting your data and sharing it with others.
In all, we tested seven video doorbells and six home security cameras, made by Arlo, Blink, Bosma, Eufy, Logitech, Netatmo, Nooie, Ring, and Wyze. Below are our methodology and our findings. For information on how well these cameras and doorbells fared in performance tests in our labs, such as for video quality and response time, check our video doorbell ratings and home security camera ratings.
How We Test Data Privacy and Data Security
Consumer Reports’ Digital Lab evaluates a number of digital products and services, including video doorbells and wireless home security cameras, on how well they protect consumers’ data privacy and security. Our experts in the Digital Lab design our privacy and security tests using The Digital Standard, an open-source set of criteria for evaluating digital products and services created by CR with other organizations, scoring cameras and doorbells on more than 70 factors.
Highlights From CR's Privacy and Security Tests
When it comes to data privacy, all but one device in our latest tests—the Netatmo Smart Video Doorbell—receive a Fair rating. The Netatmo receives a Good rating, which falls in the middle of our ratings scale and makes it a somewhat better choice for consumers worried about their privacy.
“The Netatmo doorbell receives a higher score than the other brands’ doorbells due to the explicit claims Netatmo makes in its privacy policies,” says Fred Garcia, one of CR’s test engineers for privacy and security. “The company explicitly states a variety of ways it uses your data and that it will delete your data after three years.”
For data security, most of the cameras and doorbells fared much better. The Arlo Essential Wireless Video Doorbell, Arlo Pro 4 security camera, Blink Outdoor security camera, and Logitech Circle View Doorbell all receive Excellent ratings for data security. Another five devices—the Netatmo Smart Video Doorbell, Nooie Cam Indoor, Ring Indoor Cam, Ring Video Doorbell Wired, and Wyze Cam V3—receive Very Good ratings for data security.
All of these devices support or prompt users to set up two-factor authentication, which adds an additional layer of security to your account by having you enter a secondary one-time passcode that you receive via text, email, or an authentication app when you log into your account. In addition, the manufacturers continually release security updates for their products, helping to protect them from new threats as they emerge. (Just keep in mind that the updates might not install automatically, so you may need to periodically check for them.)
On the other end of the data-security spectrum are the Bosma Sentry Video Doorbell, Bosma X1 security camera, and Eufy Video Doorbell 2K (Battery-Powered). These devices receive Fair ratings for data security. Based on our findings, Bosma and Eufy do not claim to conduct internal security audits, nor do they have vulnerability disclosure programs, where hackers and researchers are encouraged to disclose security flaws to the company, sometimes in exchange for a fee.
Highlights From CR's Security Vulnerabilities Assessment
Though we can’t disclose all of the vulnerabilities we found in the Bosma, Eufy, and Nooie models, we can tell you how each company responded when we approached it about the vulnerabilities, and when to expect fixes if you own one of the affected cameras.
For any connected device, your best form of defense against hackers is the security updates that manufacturers often release for their products. “In general, you should check regularly to see if there are any firmware updates for your connected devices, as well as any software updates for their apps. Updates might install automatically, but you should still check to be sure,” Garcia says.
Below are the details on Bosma, Eufy, and Nooie.
Affected models: Bosma Sentry Video Doorbell, Bosma X1 security camera
Bosma’s response: “We at Bosma take a very serious approach to the safety and security of our products and our user’s privacy,” says a company spokesperson.
The fix: Bosma says it will be releasing firmware and app updates to fix the vulnerabilities by the end of June 2021.
Affected model: Eufy Video Doorbell 2K (Battery-Powered)
Eufy’s response: "The Eufy team is aware of this issue,” says a company spokesperson, adding that software updates will be rolling out soon.
The fix: Updates to the Eufy Security app for iOS and Android will be released soon, the company says. Keep checking the Apple App Store or Google Play Store for an update to fix the vulnerabilities.
Affected model: Nooie Cam Doorbell
Nooie’s response: A Nooie spokesperson acknowledged the vulnerabilities we found and said that the issues would be fixed soon.
The fix: Nooie already patched one high-risk vulnerability via a firmware update, which has been confirmed by CR, but other lower-risk vulnerabilities remain. Keep checking the Nooie Cam app for firmware updates to resolve these concerns.
Top Video Doorbells From CR’s Tests
Here are the top three models from our latest video doorbell ratings. They all rate Fair or higher for data privacy and Very Good or higher for data security.
Top Home Security Cameras From CR’s Tests
Here are the top three models from our latest wireless home security camera ratings. They all rate Fair or higher for data privacy and Very Good or higher for data security.