Security News > 2022 > August > Amazon fixes Ring Android app flaw exposing camera recordings

Amazon fixes Ring Android app flaw exposing camera recordings
2022-08-18 10:00

As the Ring Android app has over 10 million downloads and is used by people worldwide, the ability to access a customer's saved camera recordings could have allowed a wide range of malicious behavior, ranging from extortion to data theft.

When analyzing the Ring Android app, Checkmarx found that the app was exposing an 'activity' that could be launched by any other app installed on the Android device.

When creating an Android app, it is possible to expose that activity to other installed apps by adding it to the app's manifest file.

When examining the Ring Android app, Checkmarx found that the 'com.

Once a user was tricked into installing the app, it would execute the attack and send the attackers the Ring customer's authentication cookies.

To demonstrate the vulnerability in the Ring Android app and how threat actors could use it to find sensitive videos, Checkmarx shared the following video with BleepingComputer.


News URL

https://www.bleepingcomputer.com/news/security/amazon-fixes-ring-android-app-flaw-exposing-camera-recordings/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Amazon 59 4 39 61 15 119