walmart

$30-doorbell-cameras-have-multiple-serious-security-flaws,-says-consumer-reports

$30 doorbell cameras have multiple serious security flaws, says Consumer Reports

Amazon, doorbell camera, doorbell cameras, eken, Security, Tech, tuck, video doorbell, walmart / /

Video doorbell security —

Models still widely available on e-commerce sites after issues reported.

Image showing a delivery person saying

Enlarge / Consumer Reports’ investigation suggests that, should this delivery person press and hold the bell button and then pair using Eken’s app, he could see if other delivery people get such a perfunctory response.

Eken

Video doorbell cameras have been commoditized to the point where they’re available for $30–$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however.

Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: “troubling security vulnerabilities.”

The pairing procedure for one of Eken's doorbell cameras, which allows a malicious actor quite a bit of leeway.

Enlarge / The pairing procedure for one of Eken’s doorbell cameras, which allows a malicious actor quite a bit of leeway.

Eken

Among the camera’s vulnerabilities cited by CR:

  • Sending public IP addresses and Wi-Fi SSIDs (names) over the Internet without encryption
  • Takeover of the cameras by putting them into pairing mode (which you can do from a front-facing button on some models) and connecting through the Aiwit app
  • Access to still images from the video feed and other information by knowing the camera’s serial number.

CR also noted that Eken cameras lacked an FCC registration code. More than 4,200 were sold in January 2024, according to CR, and often held an Amazon “Overall Pick” label (as one model did when an Ars writer looked on Wednesday).

“These video doorbells from little known manufacturers have serious security and privacy vulnerabilities, and now they’ve found their way onto major digital marketplaces such as Amazon and Walmart,” said Justin Brookman, director of tech policy at Consumer Reports, in a statement. “Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm’s way.”

CR noted that it contacted vendors where it found the doorbells for sale. Temu told CR that it would halt sales of the doorbells, but “similar-looking if not identical doorbells remained on the site,” CR noted.

A Walmart representative told Ars that all cameras mentioned by Consumer Reports, sold by third parties, have been removed from Walmart by now. The representative added that customers may be eligible for refunds and that Walmart prohibits the selling of devices that require an FCC ID and lack one.

Ars contacted Amazon for comment and will update this post with new information. An email sent to the sole address that could be found on Eken’s website was returned undeliverable. The company’s social media accounts were last updated at least three years prior.

Consumer Reports' researchers claim to have found JPEG file references passed in plaintext over the network, which could later be viewed without authentication in a browser.

Consumer Reports’ researchers claim to have found JPEG file references passed in plaintext over the network, which could later be viewed without authentication in a browser.

Consumer Reports

CR issued vulnerability disclosures to Eken and Tuck regarding its findings. The disclosures note the amount of data that is sent over the network without authentication, including JPEG files, the local SSID, and external IP address. It notes that after a malicious user has re-paired a doorbell with a QR code generated by the Aiwit app, they have complete control over the device until a user sees an email from Eken and reclaims the doorbell.

With a few exceptions, video doorbells and other IoT cameras tend to rely on cloud connections to stream and store footage, as well as notify their owners about events. This has led to some notable privacy and security concerns. Ring doorbells were found to be pushing Wi-Fi credentials in plaintext in late 2019. Eufy, a company that marketed its “No clouds” offerings, was found to be uploading facial thumbnails to cloud servers to send push alerts and later apologized for that and other vulnerabilities. Camera provider Wyze recently disclosed that, for the second time in five months, images and video feeds were accidentally available to the wrong customers following a lengthy outage.

Listing image by Amazon/Eken

$30 doorbell cameras have multiple serious security flaws, says Consumer Reports Read More »

walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data

Walmart buying TV-brand Vizio for its ad-fueling customer data

acquisition, ads, Tech, TVs, Vizio, walmart / /

About software, not hardware —

Deal expected to close as soon as this summer.

Close-up of Vizio logo on a TV

Walmart announced an agreement to buy Vizio today. Irvine, California-based Vizio is best known for lower-priced TVs, but its real value to Walmart is its advertising business and access to user data.

Walmart said it’s buying Vizio for approximately $2.3 billion, pending regulatory clearance and additional closing conditions. Vizio can also terminate the transaction over the next 45 days if it accepts a better offer, per the announcement.

Walmart will keep selling non-Vizio TVs should the merger close, Seth Dallaire, Walmart US’s EVP and CRO who would manage Vizio post-acquisition, told The Wall Street Journal (WSJ).

Walmart expects the acquisition to be finalized as soon as this summer, it told WSJ.

Ad-pportunity

Walmart, including Sam’s Club, is typically Vizio’s biggest customer by sales, per a WSJ report last week on the potential merger. But Walmart’s acquisition isn’t about getting a bigger piece of the budget-TV market (Walmart notably already sells its own “onn.” budget TVs). Instead, Walmart is looking to boost its Walmart Connect advertising business.

Vizio makes money by selling ads, including those shown on the Vizio SmartCast OS and on free content available on its TVs with ads. Walmart said buying Vizio will give it new ways to appeal to advertisers and that those ad efforts would be further fueled by Walmart’s high-volume sales of TVs.

Walmart said today that Vizio’s Platform+ ad business has “over 500 direct advertiser relationships, including many of the Fortune 500” and that SmartCast users have grown 400 percent since 2018 to 18 million active accounts.

Walmart Connect (which was rebranded from Walmart Media Group in 2021) sells various types of ads, including adverts that appear on Walmart’s website and app. Walmart Connect also sells ads that display on in-store screens, including display TVs and point-of-sale machines, in over 4,700 locations (Walmart has over 10,500 stores).

Walmart makes most of its US revenue from low-profit groceries, WSJ noted last week, but ads are higher profit. Walmart has said that it wants Walmart Connect to be a top-10 advertising business. Alphabet, Amazon, and Meta are among the world’s biggest advertising companies today. In the fiscal year ending January 2023, Walmart said that its global ads business represented under 1 percent ($2.7 billion) of its total annual revenue. In its fiscal year 2024 Q4 earnings report released today [PDF], Walmart said its global ad business grew 33 percent, including 22 percent in the US, compared to Q4 2023.

Hungry for customer data

Owning Platform+ would give Walmart new information about TV users. Data gathered from Vizio TVs will be combined with data on shoppers that Walmart already gets. Walmart plans to use this customer data to sell targeted ad space, such as banners above Walmart.com search results, and to help advertisers track ad results.

With people only able to buy so many new TVs, vendors have been pushing for ways to make money off of already-purchased TVs. That means putting ads on TV OSes and TVs that gather customer data, including what users watch and which ads they click on, when possible. TV makers like Vizio, Amazon, and LG are increasingly focusing on ads as revenue streams.

Meanwhile, retailers like Walmart are also turning to ads for revenue. Through Vizio, Walmart is looking to add a business with the vast majority of gross profit coming from ads. Data acquired through SmartCast can shed light on ad effectiveness and improve ad targeting, Vizio tells advertisers.

In an interview with WSJ, Dallaire noted that smart TVs and streaming have turned the TV business into a software, not hardware, business. According to a spokesperson for Parks Associate that Ars Technica spoke with, Vizio has 12 percent of connected TV OS market share. WSJ reported last week that Roku OS has more market share at 25 percent; although, a graph that Parks Associates’ rep sent to me suggests the percentage is smaller (Parks Associates’ spokesperson wouldn’t confirm Roku OS’ market share or the accuracy of WSJ’s report to Ars). Roku OS is on Walmart’s “onn.” TVs, but Walmart doesn’t own Roku.

Vizio TVs could get worse

From the perspective of a company seeking to grow its ad business, buying Vizio seems reasonable. But from a user perspective, Vizio TVs risk becoming too centered on selling and measuring ads.

There was already a large financial incentive for Vizio to focus on growing Platform+ and the profitability of SmartCast (in its most recent earnings report, Vizio said its average revenue per SmartCast user increased 14 percent year over year to $31.55). For years, Vizio’s business has been more about selling ads than selling TVs. An acquisition focused on ads can potentially detract from a focus on improving Vizio hardware.

Stuffing more ads into TVs could also ruin the experience for people seeking a quality TV at a lower cost. While some people may be willing to sacrifice features and image quality to save money, others aren’t willing to deal with more ads and incessant interest in viewer tracking for that experience. With Vizio expected to become part of a conglomerate eager to grow its ad business, it’s possible that the ads experience on Vizio TVs could worsen.

Editor’s note: This article was edited to include information from Parks Associates. 

Walmart buying TV-brand Vizio for its ad-fueling customer data Read More »