Ring Camera Recordings Exposed Due to Vulnerability in Android App
By Eduard Kovacs on August 19, 2022
A vulnerability patched recently by Amazon in the Android app for its Ring surveillance cameras exposed user data and video recordings, according to cybersecurity firm Checkmarx, whose researchers identified the flaw.
Checkmarx researchers discovered earlier this year that the official Ring Android app, which has been installed more than 10 million times from Google Play, was affected by several issues that could be chained to obtain information such as name, email address, phone number, physical address, geolocation data, and camera recordings.
The attack relies on a malicious application installed on the same Android device as the Ring camera app. Exploitation involves loading content from a malicious web page, exfiltrating an authorization token to the attacker’s server, and using the token to obtain a cookie needed to call Ring APIs. These APIs could then be abused to obtain sensitive user data and recordings.
Checkmarx made the technical details of the attack public on Thursday, along with a video describing its potential impact.
Researchers demonstrated potential impact by using Amazon’s image and video analysis service Rekognition to automate the analysis of recordings taken from Ring cameras in an effort to find sensitive data or information that could be valuable to an attacker. They showed how an attacker could find sensitive data from screens or documents, and track people’s movements in a room monitored by a Ring camera.
The vulnerability was reported to Amazon through its bug bounty program on May 1 and an Android app update that patches the flaw was released on May 27.
“We take the security of our devices and services seriously and appreciate the work of independent researchers. We issued a fix for supported Android customers back in May, soon after the researchers’ submission was processed. Based on our evaluation, no customer information was exposed,” a Ring spokesperson told SecurityWeek.
It’s not uncommon for hackers to target Ring products, and Amazon has even faced lawsuits from customers who had their cameras hacked.
*updated with statement from Ring