Amazon Ring: a very dangerous security flaw has just been corrected

By realadmin On Ağu 21, 2022

Amazon Ring: a very dangerous security flaw has just been corrected

Arielle Lovasoa

August 19, 2022

In addition to excelling in the field of e-commerce and the Cloud, Amazon is a major player in home automation. The “Ring” brand security system is one of its most demanded products. This security system includes video doorbells as well as surveillance cameras. However, nothing is perfect and Ring products are no exception.

In May, a high-severity security flaw was detected. High seriousness because malicious people could have accessed the recordings of the Ring video doorbell cameras and extracted the users’ personal data. The company reacted quickly and has just released a patch for this security flaw. Fortunately, no one tried to take advantage of this temporary vulnerability.

Checkmarx researchers discovered this flaw

By analyzing the Ring app for Android, researchers from app security firm “Checkmarx” detected the flaw. They discovered that Ring contained several bugs that, when chained together, would have allowed hackers to access users’ personal data. All they had to do was create a malicious application and then trick their target into updating it. If the victim took the bait, the hackers obtained authentication cookies.

This way, they could access a user’s account without their password. And the malicious app allegedly stole full name, email address, phone number as well as camera recordings with geolocation data. But not only ! The attackers could also have extracted other information contained in documents or on computer screens visible by a Ring camera.

What you need to know about Ring

Amazon bought Ring four years ago. And since then, this video doorbell manufacturer has been working closely with law enforcement. Indeed, more than 2,200 police departments in the United States use this technology for investigations.

Time and time again, Ring has provided user data and customer video recordings to authorities without the account owner’s consent. Last year, the company shared images of customers with police 11 times. This drew a lot of criticism.

source