A high-severity vulnerability in Amazon’s Ring app for Android which could have allowed hackers to spy on users’ saved camera recordings has been discovered and quickly patched by the video doorbell giant.
As reported by BleepingComputer, the vulnerability was found by security researchers at the application security testing company Checkmarx who quickly shared their findings with Amazon.
As the Ring app for Android has been downloaded more than 10 million times and is used by people around the world, this flaw is particularly concerning which is why Amazon released a fix within the same month it was discovered.
If you haven’t updated the Ring app for your Android smartphone recently, you should go ahead and install the latest version to prevent hackers from being able to gain access to the saved recordings from your home security cameras.
Ring Android app flaw
In a blog post detailing their findings, Checkmarx’s researchers explained that they found the Ring app for Android was exposing an ‘activity’ that could be launched by any other app installed on a user’s device.
The activity in question (com.ringapp/com.ring.nh.deeplink.DeepLinkActivity), was exposed inside the app’s manifest and this allowed other installed apps to launch it. By launching the activity, Checkmarx’s researchers found that they could set up a web server to interact with it. However, only webpages on the ring.com or a2z.com domains were able to interact with it, so the researchers bypassed this restriction by finding a cross-site scripting (XSS) vulnerability.
They then exploited this vulnerability to steal a Ring login cookie which allowed the researchers to use Ring’s APIs to extract personal data from customers including their full name, email and phone number as well as device data from their Ring products such as geolocation, address and saved recordings.
Armed with this knowledge, an attacker could have created a malicious app and uploaded it to the Play Store or another official app store. Once a user installed this app, it would carry out the attack and send Ring customer authentication cookies back to the attacker.
Using Amazon Rekognition for automated analysis
While this attack gave Checkmarx’s researchers access to saved Ring camera recordings, they decided to use computer vision technology to analyze all of the videos.
Although there are a number of different computer vision services they could have used, in the end, they decided to use Amazon’s own Rekognition service to automate the analysis of the saved recordings and to extract information that would be useful to hackers from them.
By using machine learning, Rekognition is able to scan these saved camera recordings for celebrities, documents with certain keywords or even passwords that have been written down on post-it notes.
Amazon quickly patched the flaw
Checkmarx first reported its full findings on the Ring Android app flaw to the Amazon Vulnerability Research Program on May 1. The company then quickly confirmed that it had received the report.
In less than a month on May 27, Amazon rolled out a fix for Ring customers on both Android and iOS that would prevent hackers from exploiting this security flaw in the wild.
As we mentioned earlier, Ring customers should make sure that their app is updated to the latest version which is 3.15.0 on Android and 5.51.0 on iOS.
In an email to Tom's Guide, a spokesperson from Ring provided the following statement on the matter:
"We take the security of our devices and services seriously and appreciate the work of independent researchers. We issued a fix for supported Android customers back in May, soon after the researchers' submission was processed. Based on our review, no customer information was exposed."
