I’ve done it, I’ve found the solution to the ring doorbell problem.
If y’all haven’t read the news recently, the new thing is a the password stuffing attacks against Ring Doorbells. Basically Ring only required an email and a password to access the microphone and camera feed.
Obviously it’s the bare minimum to have something be secured. This resulted in hackers checking their database of leaked or breached credentials and accessing the ring cameras. Scary part is some people tried to extort bitcoin from Ring’s customers or some were just super creepy towards children (looking at the guys who told the little girl they were Santa Claus).
That said, some solutions I’ve read are using 2FA which ring should really have in place anyway. Others were to limit to IPs in the country the Ring Doorbell/Camera was activated originally. To me, these are ok but silly solutions.
Here is the real solution!
When you first activate the doorbell/camera require the customer to push a button on the ring camera/doorbell. Then only allow that connection. Think of it as a hardware one time 2FA.
Boom, I solved the problem. I’m ready for my reward from Ring.
What do you guys think? Would my solution Work? Or do you have your own solution?