A high-severity vulnerability in Amazon’s Ring app for Android which could have allowed hackers to spy on users’ saved camera recordings has been discovered and quickly patched by the video doorbell giant.
As reported by BleepingComputer (opens in new tab), the vulnerability was found by security researchers at the application security testing company Checkmarx who quickly shared their findings with Amazon.
As the Ring app for Android has been downloaded more than 10 million times and is used by people around the world, this flaw is particularly concerning which is why Amazon released a fix within the same month it was discovered.
If you haven’t updated the Ring app for your Android smartphone recently, you should go ahead and install the latest version to prevent hackers from being able to gain access to the saved recordings from your home security cameras.
Ring Android app flaw
In a blog post (opens in new tab) detailing their findings, Checkmarx’s researchers explained that they found the Ring app for Android was exposing an ‘activity’ that could be launched by any other app installed on a user’s device.
The activity in question (com.ringapp/com.ring.nh.deeplink.DeepLinkActivity), was exposed inside the app’s manifest and this allowed other installed apps to launch it. By launching the activity, Checkmarx’s researchers found that they could set up a web server to interact with it. However, only webpages on the ring.com or a2z.com domains were able to interact with it, so the researchers bypassed this restriction by finding a cross-site scripting (XSS) vulnerability.
They then exploited this vulnerability to steal a Ring login cookie which allowed the researchers to use Ring’s APIs to extract personal data from customers including their full name, email and phone number as well as device data from their Ring products such as geolocation, address and saved recordings.
Armed with this knowledge, an attacker could have created a malicious app and uploaded it to the Play Store or another official app store. Once a user installed this app, it would carry out the attack and send Ring customer authentication cookies back to the attacker.