China-based doorbell manufacturer sued over security issues

The Federal Communications Commission wants to fine Hong Kong-based Eken for security vulnerabilities in its wireless home doorbells. Photo (c) Eken

Feds probe Eken and other Chinese manufacturers for potential privacy and data security violations

The Federal Communications Commission (FCC) has proposed a $734,872 fine against Eken, a Hong Kong-based smart home device maker, for providing false U.S. agent information during the equipment authorization process.

The action comes after a Consumer Reports (CR) investigation uncovered major security vulnerabilities in Eken’s doorbell devices.

Key Issues

  • False Agent Information: Eken listed a U.S. agent, GSS Service Inc., whose address was inactive since 2019 and did not respond to FCC inquiries.
  • Security Flaws: CR found that Eken’s doorbells exposed users to risks, including:
    • Hackers potentially gaining control of devices.
    • Leaked home IP addresses and WiFi network names.
    • Remote access to doorbell camera images.

FCC Actions

The FCC is auditing certifications tied to the same U.S. agent information as Eken. The agency's  Enforcement Bureau is investigating Eken and other Chinese manufacturers for possible privacy and security violations.

Justin Brookman of CR praised the fine, calling it a step toward holding manufacturers accountable. However, he urged platforms like Amazon and Walmart to stop selling products that pose risks to consumers.

"This proposed fine by the FCC is a step in the right direction to hold manufacturers accountable, but more needs to be done to ensure platforms are also held responsible for not selling products that put consumers at risk,” Brookman said.

After CR’s investigation, Eken met with CR engineers and released a firmware update to address the identified vulnerabilities.

All wireless devices sold in the U.S. must pass FCC testing for interference and have a U.S. agent for equipment authorization. 

Serious vulnerabilities

The security flaws uncovered in CR’s investigation could have allowed hackers or other bad actors to gain control of these devices and view images from the doorbell camera remotely.

The vulnerabilities also leaked home IP addresses and WiFi network names. Following CR’s investigation, Eken Group met with CR test engineers to learn about the issues we found and released a new firmware update to fix them.