Budget doorbell camera manufacturer fixes security issues that left users vulnerable to spying

Eken Group has reportedly issued a firmware update to resolve major security issues with its cheap doorbell cameras that were uncovered by a Consumer Reports investigation earlier this year. The cameras in question pair with the Aiwit app and are sold under a slew of brand names, including Eken, Tuck, Fishbot, Rakeblue, Andoe, Gemee and Luckwolf. During its tests, the watchdog found that the unencrypted cameras could expose sensitive information like home IP addresses and Wi-Fi networks, and allow outside parties to access images from a camera’s feed using its serial number. Now, Consumer Reports says the issues have been fixed — just make sure you update your devices.

Devices from those brands should now reflect a firmware version of 2.4.1 or higher, which would indicate they’ve received the update. Consumer Reports says its own samples got the update automatically, but it can’t hurt to double check in your settings considering the risks (that is, if you haven’t tossed the cameras out already). The publication says it’s confirmed that the update fixes the security problems. Eken also told Consumer Reports that the two doorbell cams it had rated with the “Don’t Buy” label — the Eken Smart Video Doorbell and Tuck Sharkpop Doorbell Camera — have been discontinued.

These doorbell cameras, which were sold on popular ecommerce platforms including Amazon, Walmart and Temu but since appear to have been pulled, also lacked the proper labeling required by the FCC. The company told Consumer Reports it will add these IDs to new products moving forward. Following its tests of the update, Consumer Reports has removed the warning labels from its scorecards.