Application for Android Ringan Amazon-owned firm that offers doorbells and indoor and outdoor video surveillance cameras had a vulnerability that could have allowed threat actors to steal identity (opens in a new tab) data including geolocation and camera recordings.
Cybersecurity researchers at Checkmarx discovered the vulnerability in the com.ringapp/com.ring.nh.deeplink.DeepLinkActivity activity, noting that it was “implicitly exported to the Android manifest and as such was accessible to other apps on the same device. .
“These other apps may be malware that users can be persuaded to install. This activity will receive, download, and execute web content from any server as long as the target intent URI contains the string “/better-neighborhoods/”.
Theft of confidential data
In other words, a malware installed on an Android device can access sensitive data generated by the Ring app, not just geolocation and camera recordings, but also full names, email addresses, phone numbers, and postal addresses.
Android Ring has more than 10 million downloads to date.
Checkmarx went further by using Rekognition (an image and video analysis machine learning tool) to automate the analysis of stolen video content and extract additional useful information such as faces, text, public figures, information from computer screens, information about popular movements, and more.
Checkmarx notified Amazon of the vulnerability on May 1 of this year, and less than a month later, on May 27, the company patched it. Therefore, starting with version .51 (3.51.0 for Android and 5.51.0 for iOS), the vulnerability has been mitigated.
Amazon is treating this as a high-severity issue and has moved quickly to issue a patch (opens in a new tab).
“We released a fix for supported Android clients on May 27, 2022, shortly after the researchers’ request was processed. Based on our review, no customer information was exposed. This challenge would be extremely difficult for anyone to exploit because it requires an unlikely and complex set of circumstances to pull off,” the company concluded.
- Here is our summary the best video doorbells (opens in a new tab) so you can see and talk to everyone who comes to your doorstep
https://www.techradar.com/news/this-nasty-amazon-ring-vulnerability-could-have-exposed-all-your-recordings/
