Video Doorbells
First Evaluation: August 2020
Latest Update: August 2020
Video doorbells make it easy to see who’s at your door, a convenience that provides a sense of security. But like any internet-connected security camera, they’re also susceptible to hacking. So as part of Consumer Reports' ongoing efforts to protect consumers from hackers, we recently conducted data security and data privacy tests on the 24 video doorbells in our ratings, including five new models.
“Often these cameras are pointing out into public spaces, but you still don't want to give hackers the ready ability to see who's coming and going from your house, and when,” says Justin Brookman, director of privacy and technology policy for Consumer Reports.
Consumer Reports’ Digital Lab evaluates digital products and services for how well they protect consumers’ data privacy and security. The most critical findings from our tests of video doorbells concern security vulnerabilities we discovered in five models from four brands that can expose user data like email addresses and account passwords. The brands are:
Our experts in the Digital Lab use The Digital Standard, an open-source set of criteria for evaluating digital products and services that CR created with other organizations, to conduct our security and privacy tests, scoring video doorbells on more than 70 indicators. Through these tests, our researchers created data privacy and data security ratings for each doorbell.
For data security, we use special tools to see if video doorbells have various security measures, such as encryption. We also look for, among other features, two-factor authentication, automatic software updates, and email notifications for when a user logs in from a new device or IP address.
For data privacy, we examine privacy setting options and publicly available documents, such as privacy policies and terms of service, to see how manufacturers collect and use your data, including whether they disclose how they collect your data and whom they share it with.
We also use more specialized techniques to look for potential security vulnerabilities that hackers could exploit to access the camera or personal data. “Since these techniques may not be comparative from model to model, we don’t incorporate it into our ratings,” says Maria Rerecich, senior director of product testing at CR. “But we do it so we can inform manufacturers of any issues we find and get them to improve the security of their products. Ultimately, our goal is to protect consumers from people who want to do them harm.”
Here’s a closer look at our findings. CR members can see the results of our performance tests, such as video quality and response time, in our video doorbell ratings.
[Excerpts gathered from Data Security and Privacy Gaps Found in Video Doorbells by Consumer Reports' Tests]
Data Security and Privacy Gaps Found in Video Doorbells by Consumer Reports' Tests. This article highlights that Consumer Reports’ tests revealed that most video doorbells lack two-factor authentication, a widely used security feature that sends users a temporary, onetime passcode typically via text message, email, phone, or mobile app to use in addition to their password for logging into their accounts. With this feature enabled, a hacker can’t log in to your video doorbell account even if they have your password.
In fact, barely a quarter of the brands we tested have two-factor authentication. The only ones that have it are Arlo, August, Google Nest, Ring, and SimpliSafe.
In addition, many video doorbell manufacturers fail to minimize the amount of data they collect from users and don’t offer consumers an easy way to request a copy of their data and/or delete it.
Key findings: Most video doorbells lack two-factor authentication
Only five of the 16 doorbell brands we tested offered two-factor authentication. They are Arlo, August, Google Nest, Ring, and SimpliSafe. They all encourage or require users to enable the feature, instead of burying it in the settings of the doorbell app.
“It’s 2020. Multifactor authentication should really be standard on any security camera or video doorbell nowadays,” says Brookman. “It provides a basic layer of protection to help ensure that hackers can't access your camera feeds.”
The doorbell brands that lacked this security feature at the time of our tests are Blue by ADT, Eufy, Geeni, GoControl, LaView, Maximus, Netvue, Night Owl, Remo+, Toucan, and Wisenet. Consumer Reports reached out to these 11 brands to see whether they plan to add the feature. We received responses from six companies:
Two-factor authentication is a critical security feature that we look for in our data security tests, but it’s not the only criteria we use in our evaluation. All the models met many other data security criteria, and as a result they all scored well. Two models, from Arlo and Google Nest, received an Excellent rating for data security, while 12 models received a Very Good rating. They include video doorbells made by August, Blue by ADT, Ring, SimpliSafe, Toucan, and Wisenet.
Over the past two years, Ring has made news due to hacks of its doorbell and camera accounts, security vulnerabilities in its doorbells, and scrutiny of its police partnerships. But our tests, conducted from May to June, showed that the security of Ring devices was quite good.