Ring Camera Recordings Exposed Due to Vulnerability in Android App
Security researchers at Checkmarx discovered a security vulnerability in Ring surveillance cameras earlier this year. According to the security firm, Amazon has recently published a vulnerability affecting the Android app for the surveillance cameras. The flaw exposed user data as well as video recordings. The app had been installed more than 10 million times from the Google Play store, and was affected by the flaw until recently. Checkmarx reported that the flaw allowed individuals to chain it and obtain personal information including names, emails, addresses, phone numbers, physical addresses, geolocation data, and camera recordings.
Exploiting the flaw requires loading content from a malicious web page, exfiltrating authorization tokens to the attacker’s server, and ultimately using this token to obtain a cookie. This cookie is needed to call Ring APIs that could then be abused to obtain the personal information and recordings, says Checkmarx. On Thursday, Checkmarx publicly announced the details of the attack given that it had been patched by Amazon. In addition, the company released a video describing the potential impact of the flaw. Checkmarx first reported the vulnerability via Amazon’s bug bounty program on May 1 and an update was released on May 27. Ring users should be wary of the flaw and implement the patch released in May as soon as possible.