Ring security flaw could have allowed hackers to spy on your saved videos — what to do

A high-severity vulnerability in Amazon’s Ring app for Android that could have allowed hackers to spy on users’ saved camera recordings has been discovered and quickly patched by the video doorbell giant.

As reported by BleepingComputer, the vulnerability was found by security researchers at the application security testing company Checkmarx, who quickly shared their findings with Amazon.

As the Ring app for Android has been downloaded more than 10 million times and is used by people around the world, this flaw is particularly concerning, which is why Amazon released a fix within the same month it was discovered.

If you haven’t updated the Ring app for your Android smartphone recently, you should go ahead and install the latest version to prevent hackers from being able to gain access to the saved recordings from your home security cameras.

Ring Android app flaw

In a blog post detailing their findings, Checkmarx’s researchers explained that they found the Ring app for Android was exposing an ‘activity’ that could be launched by any other app installed on a user’s device.

The activity in question (com.ringapp/com.ring.nh.deeplink.DeepLinkActivity) was exposed in the app’s manifest, which allowed other installed apps to launch it. Checkmarx’s researchers found that, by launching the activity, they could set up a web server to interact with it. However, only webpages on the ring.com or a2z.com domains were able to interact with it, so the researchers bypassed this restriction by finding a cross-site scripting (XSS) vulnerability.

They then exploited this vulnerability to steal a Ring login cookie, which allowed the researchers to use Ring’s APIs to extract personal data from customers, including their full name, email and phone number, as well as device data from their Ring products such as geolocation, address and saved recordings.

Armed with this knowledge, an attacker could have created a malicious app and uploaded it to the Play Store or another official app store. Once a user installed this app, it would carry out the attack and send Ring customer authentication cookies back to the attacker.

Using Amazon Rekognition for automated analysis

While this attack gave Checkmarx’s researchers access to saved Ring camera recordings, they decided to use computer vision technology to analyze all of the videos.

Although there are a number of different computer vision services they could have used, in the end, they decided to use Amazon’s own Rekognition service to automate the analysis of the saved recordings and to extract information that would be useful to hackers from them.

By using machine learning, Rekognition is able to scan these saved camera recordings for celebrities, documents with certain keywords or even passwords that have been written down on post-it notes.

Amazon quickly patched the flaw 

Checkmarx first reported its full findings on the Ring Android app flaw to the Amazon Vulnerability Research Program on May 1. The company then quickly confirmed that it had received the report.

Less than a month later, on May 27, Amazon rolled out a fix for Ring customers on both Android and iOS that would prevent hackers from exploiting this security flaw in the wild.

As we mentioned earlier, Ring customers should make sure that their app is updated to the latest version, which is 3.15.0 on Android and 5.51.0 on iOS.

In an email to Tom's Guide, a spokesperson from Ring provided the following statement on the matter:

"We take the security of our devices and services seriously and appreciate the work of independent researchers. We issued a fix for supported Android customers back in May, soon after the researchers' submission was processed. Based on our review, no customer information was exposed."

Anthony Spadafora
Managing Editor Security and Home Office
