FCC to Fine Chinese Smart Doorbell Maker Amid Data Security Concerns

Security vulnerabilities ‘could allow a dangerous person to take control of the video doorbell on their target’s home,’ consumer advocacy says

A Chinese smart home device maker whose cameras have raised security and privacy concerns will be fined nearly $735,000 for allegedly making a false statement under a U.S. regulator’s proposal.

Eken, a Hong Kong-based company, has been selling doorbell cameras to the United States through major online platforms, but it failed to register a legitimate U.S. agent, violating the Federal Communications Commission (FCC) rules that require international companies to do so, the agency said in a press release on Nov. 21.

The FCC identified this issue as part of a broader inquiry into possible security and privacy violations by Eken, along with several other Chinese smart home manufacturers. The commission said its investigation remains ongoing.

The probe was triggered by the findings of a Consumer Reports investigation, which uncovered “serious” security vulnerabilities in Eken’s devices, including a troubling flaw that “could allow a dangerous person to take control of the video doorbell on their target’s home.”

Security Flaws

Accessing Eken’s doorbell cameras doesn’t require tools or advanced hacking skills, Consumer Reports said in their February report. All that’s needed is to create an account on the doorbell’s official app, Aiwit. Once in close proximity, malicious users can control the doorbell camera by pressing a button on the device to pair it with their smartphones.

Even after regaining control, the device owner remains at risk, as intruders can still access the camera’s feed using the camera’s serial number. No password or account is needed for continued access, and the camera owners won’t receive any alerts about the breach, Consumer Reports’s engineers found.

Other issues outlined in the report include the exposure of owners’ IP addresses and WiFi network names without encryption.

The consumer advocacy group found that Eken’s doorbells had been sold under at least 10 different brand names, all connected via the same app, Aiwit. As of the publication time, the app has over one million downloads on Google Play, indicating the widespread usage of such devices.

The findings have raised alarm bells in Washington. Sen. Marco Rubio (R-Fla.) called on the FCC to look into the “serious allegations against Eken and, if necessary, to hold retailers accountable for selling its dangerous and potentially unauthorized products,” according to a letter addressed to FCC Chair Jessica Rosenworcel dated March 7.

In addition to security flaws, Rubio also raised concerns about the lack of proper FCC ID labels on Eken’s devices, which could make sale, use, or even shipping into the United States illegal without it.

“Eken’s video doorbells are the latest in a long line of Chinese products that are dumped on our shores with no regard for our laws or the safety of our people.”

‘Real and Tangible Threat’

Consumer Reports said in April that the Chinese company had released a firmware update to address security vulnerabilities after discussions with their engineering team.

However, when the FCC sent an inquiry to Eken as part of its investigation, the agency found the address the company’s U.S. designated agent used had been inactive since 2019. Despite efforts to reach Eken’s representatives through letters and emails, the FCC said in its Nov. 21 statement that they had yet to hear from the Chinese company.

As a result, the commission announced an audit of “hundreds of certifications” that are registered with the same U.S. agent information as Eken.

Eken did not respond to The Epoch Times’ request for comment by publication time.

Rosenworcel raised concerns about the risks posed by Eken’s vulnerability. “The potential for abuse is vast—from theft to domestic violence to state-sanctioned surveillance by malicious state actors,” she said in a Nov. 21 statement.

Geoffrey Starks, an FCC commissioner, testifies during an oversight hearing to examine the Federal Communications Commission in Washington on June 24, 2020. (Jonathan Newton/POOL/AFP via Getty Images)
Geoffrey Starks, an FCC commissioner, testifies during an oversight hearing to examine the Federal Communications Commission in Washington on June 24, 2020. Jonathan Newton/POOL/AFP via Getty Images

FCC Commissioner Geoffrey Starks, who has urged Amazon, Shein, Temu, and other online shopping platforms to take down Eken’s doorbells, echoed these concerns.

“Insecure Internet of Things (IoT) devices pose a real and tangible threat to Americans,” he stated in a separate statement. “Devices that lack baseline cybersecurity protections, such as Eken’s video doorbells, dramatically increase the entry points for cyberattacks.”

He explained that when a device is compromised, it creates a backdoor into networks, enabling hackers to engage in “identity theft, espionage, and fraud”—costing consumers potentially “billions of dollars.”

Moreover, Starks warned these devices could be exploited as part of a botnet, contributing to large-scale attacks that threaten national security.

He pointed to a Chinese state-sponsored hacking group, dubbed Flax Typhoon, which managed to install malicious software on more than 260,000 IoT devices—including cameras, video recorders, and routers—setting the stages for cyberattacks in the United States and elsewhere.

That breach is just part of the Chinese Communist Party’s sweeping effort to infiltrate and exploit U.S. infrastructure.

​​“Salt Typhoon,” another China-backed cyberespionage operation that was uncovered last month, was believed to have compromised major telecommunications service providers, such as those of AT&T and CenturyLink.

Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, characterized this cyberattack as “unprecedented in its size and scope.”

“It has been, unfortunately, going on for some time,” Warner told The Epoch Times earlier this month.

“I think it will go down as maybe one of the most significant cyberattacks we’ve faced in our country.”

 

Read More