Retail giant Amazon patched a highly critical security issue in its Ring for Android app in May that could have allowed a rogue app installed on a user’s device to access sensitive information and camera recordings.
The Ring app for Android has been downloaded more than 10 million times and allows users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018.
Application security company Checkmarx explains that it identified a cross-site scripting (XSS) vulnerability that it believes could be weaponized as part of an attack sequence to trick victims into installing a malicious application.
The malicious application can then be used to get hold of the user’s Authorization Token, which in turn can be used to extract the session cookie by sending it, along with the device’s hardware ID (also encoded in the token), to the endpoint “ring[.]com/mobile/allow.”
Armed with this cookie, an attacker can log into the victim’s account without knowing their password and gain access to all the personal data associated with the account, including full name, email address, phone number and geolocation information as well as device records.
This is achieved by querying the two endpoints below:
account.ring[.]com/account/control-center – Get the user’s personal information and device ID
account.ring[.]com/api/cgw/evm/v2/history/devices/{{DEVICE_ID}} – Access Ring device data and recordings
Checkmarx said it reported the issue to Amazon on May 1, 2022, and a fix was made available on May 27 in version 3.51.0. There is no evidence that the issue has been exploited in real-world attacks, with Amazon describing the exploit as “extremely difficult” and emphasizing that no customer information has been exposed.
The development comes more than a month after the company moved to address a critical vulnerability affecting the Photos app for Android that could have been used to steal users’ access tokens.