Flaw in Amazon Ring Android app could allow hackers to access camera footage – Has a patch been released?


After Amazon-owned Ring had the opportunity to quietly patch a flaw in May, Checkmarx reported the bug that could watch a customer’s recorded camera footage.

Checkmarx discovered a security flaw in Amazon’s Ring app

Security researchers Discovered a method to view video from a user’s Ring security camera earlier this year by breaking into the service’s Android app.

After Amazon-owned Ring had a chance to secretly fix the issue in May, cybersecurity firm Checkmarx disclosed the bug on August 18.

Specifically, the “com.ringapp/com.ring.nh.deeplink.DeepLinkActivity” process in the Android app for Ring cameras was vulnerable. This process was accessible to other Android apps running on the same device. This allowed malware to access the Ring app after being installed on the same Android phone.

The ability to view footage recorded by a customer’s camera could have enabled a wide variety of nefarious activities, ranging from extortion to data theft, given that the Android Ring app has over 10 million downloads and is used by individuals all over the world.

Further study revealed that they could execute the assault, according to Checkmarx researchers. As long as the intent’s target URI included the string “/better-neighborhoods/”, Ring’s Android app would “accept, load, and run web content from any server,” the company said. in a blog post.

The Checkmarx proof-of-concept attack loads a webpage configured to access and steal an authorization token for the Ring service via a malicious Android app. The customer’s personal information, including full name, email address, and phone number, as well as data from their Ring device, including geolocation, address, and records, can then be extracted to using this token using the Ring APIs.

The attack cannot infect Ring-enabled Android phones. If a hacker is successful, confidential information may be exposed. Checkmarx researchers also revealed how an attacker could use Amazon’s Rekognition machine vision technology to analyze Ring customer videos for private information.

Read also : China’s new Smart Dragon 3 rocket will launch tiny satellites soon

Amazon-owned companies are developing a TV program using Ring Doorbell and Smart Home Camera videos.

Ring and Hollywood studio MGM, two Amazon-owned companies, are collaborating to produce a TV program in the style of “America’s Funniest Home Videos” using popular Ring doorbell video and smart home cameras.

Wanda Sykes, actress and comedian, will host the half-hour show “Ring Nation,” which will debut in syndication on September 26.

The studio warned viewers to expect to see typical viral fare, like marriage proposals, neighbors helping neighbors and hilarious animals.

The show shows how Amazon’s many business units are working together, this time to showcase what MGM said are fascinating happenings from different American neighborhoods.

According to Robert Passikoff, CEO of brand intelligence company Brand Keys, “You have an organization that has two juggernauts that just figured out how to use one against the other.” Compared to written films or TV shows, he noted that a reality series using Ring video would likely be less expensive to make.

The program provides a branding opportunity for the Seattle-based e-commerce and retail giant, which acquired Ring in 2018 for $1 billion and had to address several privacy issues related to the app and its interactions with the country’s law enforcement agencies.

Amazon said last month that it had sent Ring doorbell images to law enforcement 11 times this year without user consent, all in response to emergency requests, the company said.

Read also : Ring, owned by Amazon, produces its own TV show called Ring Nation

Source link


Comments are closed.