Video doorbell security: how to stop your smart doorbell from being hacked

Being able to see who's at your door from your phone screen is very useful, but you don't want your doorbell also letting hackers into your home.

Smart doorbells have a camera in them and they are connected to an app on your phone. When the doorbell rings you get an alert on your phone so you can see, and even speak, to whoever is at your door.

With masses of brands, some more recognisable than others, releasing doorbells that cost anywhere from £30 to £300, our tests have found some don't do enough to stop hackers targeting your home and your data. 

How smart video doorbells get hacked

As with most internet-connected devices a strong password is vital. The easier your password is to break, the easier it will be for a hacker to gain access to your device and network. 

We've found doorbells with weak default passwords, such as '123456' or '000000' that will take a hacker using advanced password spamming software seconds to break. 

Worse still, not all of them press you to change your password. Don't wait for a reminder, change the username and password yourself.

Smart devices use their internet connection to send packets of data from the device to centres, some of which are on the other side of the world. This is normal, but we expect this data to be encrypted. 

Encrypted data means it's all been scrambled, so anyone managing to intercept it on its journey might as well be looking at some alien language: it will make no sense. 

If it's sending data unencryted then things like your device password, and even your wi-fi password could be visible to hackers who intercept the data.

There's also the risk of a full device takeover. This is as dicey as it sounds, a hacker would assume full control of your doorbell. 

Hackers could ring the doorbell at all hours of the night and change the volume. This is more mischievous than dangerous, but those same hackers could install malware on the doorbell that would give them unbridled access to your home network, and potentially other devices on it.

Could your smart doorbell be breaking the law? Read more about the laws around privacy and recording footage with video doorbells at the home.

What happens if my doorbell gets hacked

You'll probably never know, but the risks to your privacy and security are serious.

Device control

Having your doorbell ring at all hours of the night may just be an annoyance for some, but for elderly or vulnerable people this could be terrifying. They will also have access to your recordings and potentially when the house was empty.

Home network exploitation

Just like the doorbell is attached to the door of your home, a hacked smart doorbell can be a doorway to your entire network. Think of the amount of connected devices there are in your home and the kind of personal data on them. Laptops, smartphones, TVs; they are all at risk if a vulnerable doorbell gives a hacker access to you home network.

Online botnets

Botnets are an army of slave devices that have been hacked for nefarious purposes. The collective power of this army of smart devices is used to mount large scale attacks on companies, websites and servers. Devices with weak security, such as some of the doorbells we've tested, are easy prey for botnet recruiters.

How to keep your smart doorbell safe from hackers

Some smart doorbells have such catastrophic security failures that nothing short of a full redesign will get them up to security scratch, but other vulnerabilities can be avoided by making some changes to your device.

Change the password

There isn't a smart device in your home where you shouldn't change the password for it. The default one will almost always be weak and easy to hack. The most secure passwords you can set yourself will be a combination of three random words.

Keep it up to date

Software updates are usually beefing up security rather than adding new features. Turn the auto-update on if you can, or check regularly for new updates if you can't. It's not just the device itself, check the connected apps on your phone for updates, too.

Use two-factor authentication

Every additional layer of security is another hurdle for a hacker to climb over, and two-factor authentication is a tall hurdle. 2FA is an extra one-time use password that's sent when you try and login. It's usually sent to your phone so only you can see it, and once it's used you'd need to request a new one next time.

Turn it off

This sounds flippant, but we're serious. If you've bought a device that you suspect is unsecure then turn it off. It really isn't worth the risk to keep using a doorbell that's easy to hack. Our smart doorbell reviews specify if we found any significant security risks, so you can use them with peace of mind.

Delete your recordings and data

If you don't need the recordings taken by your doorbell then delete them, the same goes for any kept on cloud servers by doorbells with additional subscriptions. If you ever want to get rid of the camera then be sure to restore it its factory settings to ensure any of your personal data is deleted.

How to buy a secure smart video doorbell

Smart doorbells have gone from a relatively niche smart device to regular façade feature. Next time you're walking down the street just take note of how many doorbells have lenses.

There are plenty of well known brands, such as Nest, Arlo and Ring, which make them, as well numerous smaller brands releasing models for a fraction of the price. Unfortunately, it's these cheaper brands that you need to be wary of. They often look very similar, or even identical, but have a different brand name.

Our testing found many of these cheaper devices had security flaws.

You can't always trust customer reviews

We see time and time again that these low cost, similar-looking devices have hundreds if not thousands of glowing reviews. Pay attention to the negative ones to see if anyone has reported security flaws, and don't always take positive reviews at face value. Our research into fake reviews has found that they are far more common on lesser known, or unknown brands.

Check the brand

Have you heard of them, do they have a website, phone number or email address? If not then you should be wary. If you can't find them online then there's no one to contact if things go wrong. 

Do your research

You should take extra care when buying any device that involves safety or security. As well as checking customer reviews carefully, look for reviews on established tech websites – including of course, our own range of smart doorbell reviews.

How we test smart video doorbell security

Our smart video doorbell reviews assess how easy they are to use, the quality of the camera and their security. Only those that meet our high expectations for performance and security will be awarded a Best Buy.

Here are some of the security aspects we test:

• Password security: We check whether the device uses a weak default password, and if you are encouraged to change it, whether you have to choose a secure password (as covered above).
• Data encryption: We analyse what data the doorbell is sending and receiving to ensure that no important data, such as the password, is being sent without proper encryption.
• Decommissioning: At the end of our testing, we reset the product to factory settings and delete the app. We then try to set up the product again to see if any of your data has been retained, which would be a risk if you wanted to sell the doorbell.

If we find any significant vulnerabilities then we report them to the manufacture to share our findings. We urge the company to fix the issue and if they don't we won't recommend the camera.