Amazons Ring discreetly patched a security issue that exposed customers’ camera recordings – In May, Ring, which is owned by Amazon, secretly patched a “high-severity” security flaw that may have enabled hostile actors to access camera footage from Ring video doorbells and harvest customers’ personal information.
Checkmarx, an Atlanta-based application security firm, uncovered the weakness while studying Ring’s Android application. This program, which has been downloaded more than 10 million times, enables users to view footage captured by video doorbells and security cameras.
The researchers discovered that the app included many vulnerabilities that, when chained together, may have enabled attackers to exploit the vulnerability by building and releasing a malicious program or by sending an update to an existing app operating on the same device. If a potential victim is fooled into downloading a malicious application, the attackers would be able to collect authentication cookies, which are little files that enable a user to remain logged in without reentering their passwords.
With these cookies, an attacker may access a user’s account without their password, enabling a malicious software to obtain a Ring user’s complete name, email address, and phone number, as well as Ring device data such as camera recordings and geolocation information.
Checkmarx said that successful attackers might extract additional information from Ring camera recordings, including as information on papers or computer displays accessible to a Ring camera, or to track people’s movements inside rooms and buildings.
Ring patched the bug in version 3.51.0 of the Ring Android app on May 27 and informed Checkmarx that no customer data was compromised. When contacted, Ring spokeswoman Claudia Fellerman verified to TechCrunch that the issue had been patched.
Amazon purchased Ring for around $1 billion in 2018 Since then, the video doorbell manufacturer has extended its law enforcement ties to more than 2,200 U.S. police agencies, enabling officers to request footage from homes’ video doorbell cameras. Ring sent a record quantity of user data and customer video recordings to authorities in 2021, and has already shared customers’ footage with police 11 times in 2022 without their permission.
TechCrunch reported earlier this year that a security weakness in Ring’s Neighbors app exposed the exact locations and home addresses of users who posted to the service.
Click here to checkout more latest news on OL NEWS