Short video of a Ring sending a notification when pushed, followed by me launching a hacked copy of airodump-ng that sees the Ring appear immediately after its button is pushed and starts sending deauth packets, preventing the Ring from successfully sending a notification.
Conversation
It's a little racy - the code is jumping between frequencies while looking for a Ring, so in the worst case you end up with enough time for the notification to get through before you see it. But if you know which channel the Ring is on in advance, it's super reliable.
1
4
32
This form of attack isn't Ring specific, and there's really nothing novel here. Most wifi-based home security systems probably have similar failure modes.
5
12
48
youtube.com/watch?v=hN3L41 described this being used against Nest devices back in 2016, so there's literally years of prior art and it's still all broken.
3
3
36
802.11w defines support for protected management frames to prevent this type of attack, and it's enabled almost nowhere
4
6
43
ANYWAY yes it's trivial for people to design hardware to do this and also local laws may have opinions on the legality of doing this to other people's devices
3
4
27
Here's a blog writeup: mjg59.dreamwidth.org/53968.html
2
14
71
Nice. Similar to the basic stuff I was doing here, but I was just watching the frame rate of matching OUI’s.
Quote Tweet
2
6
35
Show replies