Fortinet Discovers DoorBot Network Configuration Leak Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered a network configuration leak vulnerability in DoorBot.
The DoorBot, now sold as Ring, is a connected doorbell with built-in network capabilities. It joins the user's home Wi-Fi and lets the owner talk to visitors at the door from a smartphone, or receive mobile alerts whenever the doorbell is rung. It can also be connected to existing doorbell wiring so the door can be answered from a smartphone.
The vulnerability stems from a misconfiguration of the device's GainSpan Wi-Fi module, which exposes an API that returns the DoorBot's network configuration in plain text. Anyone able to reach that API can therefore recover the configuration without authentication.
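To make the failure mode concrete, the following is an added example written for this page, not code from Fortinet, Ring or GainSpan, and the advisory does not publish the real API details. The endpoint path, the field names and the sample device settings are all assumptions; the module is a constructed stand-in for the real one. It shows the misconfigured endpoint that dumps the configuration verbatim next to a hardened version that requires a bearer token and never echoes the Wi-Fi secret, and an audit function that requests the endpoint the way a device on the same network would and reports which secret-looking fields come back in the clear.

```python
import json
import re
import secrets

# Constructed sample device state, not data from a real DoorBot: the settings a
# connected doorbell stores in order to join the owner's home Wi-Fi.
DEVICE_CONFIG = {
    "ssid": "HomeNet",
    "security": "WPA2-PSK",
    "psk": "correct horse battery staple",
    "ip": "192.168.1.42",
    "gateway": "192.168.1.1",
}

# Hypothetical path; the advisory does not publish the real API endpoint.
CONFIG_PATH = "/system/config/network"

# Field names under which Wi-Fi modules commonly store the network secret
# (assumed list; extend it for the module you are auditing).
SECRET_FIELDS = re.compile(
    r'"(psk|passphrase|password|wpa_key|wep_key)"\s*:\s*"([^"]*)"', re.I)


def vulnerable_handler(path, headers):
    """Misconfigured module: no authentication, whole config dumped verbatim."""
    if path != CONFIG_PATH:
        return 404, ""
    return 200, json.dumps(DEVICE_CONFIG)


def hardened_handler(path, headers, token):
    """Same endpoint with two fixes: a bearer token is required, and the PSK is
    never echoed back, so even an authenticated caller cannot read it."""
    if path != CONFIG_PATH:
        return 404, ""
    supplied = headers.get("Authorization", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not secrets.compare_digest(supplied.encode(), ("Bearer " + token).encode()):
        return 401, ""
    view = {k: v for k, v in DEVICE_CONFIG.items() if k != "psk"}
    view["psk"] = "<redacted>"
    return 200, json.dumps(view)


def leaked_secrets(body):
    """Secret-looking fields that a response body exposes in the clear."""
    return {name.lower(): value
            for name, value in SECRET_FIELDS.findall(body)
            if value and value != "<redacted>"}


def audit(handler, headers=None, **kwargs):
    """Request the config endpoint the way a host on the same network would,
    and report whether the response leaks credentials."""
    status, body = handler(CONFIG_PATH, headers or {}, **kwargs)
    return {"status": status, "leaked": leaked_secrets(body)}


if __name__ == "__main__":
    print("vulnerable:", audit(vulnerable_handler))
    print("hardened, no token:", audit(hardened_handler, token="t0k3n"))
    print("hardened, with token:",
          audit(hardened_handler, {"Authorization": "Bearer t0k3n"}, token="t0k3n"))
```

The point of the redaction step is that authentication alone is not the fix: a configuration read-back API has no legitimate need to return the pre-shared key, so the hardened handler strips it regardless of who is asking. The same `leaked_secrets` check can be run over the HTTP response captured from any embedded Wi-Fi module's configuration endpoint to confirm whether it exhibits this class of leak.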

Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

DoorBot.Network.Configuration.Leak
Released Jun 05, 2015
No vendor patch is available at the time of writing.

Additional Information

The vulnerability was first reported to the vendor on March 13, 2015. After several rounds of communication the vendor stopped responding. Six months have passed since the last exchange, and we have still received no response regarding a fix.

Acknowledgement

This vulnerability was discovered by Ruchna Nigam of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.