Ring patched an Android bug that could have exposed video footage


Enlarge / Ring digital camera photographs provide you with a view of what is taking place and, in a single safety agency’s experiments, an excellent base for machine studying surveillance.


Amazon quietly however shortly patched a vulnerability in its Ring app that would have uncovered customers’ digital camera recordings and different information, based on safety agency Checkmarx.

Checkmarx researchers write in a blog post that Ring’s Android app, downloaded greater than 10 million instances, made an exercise accessible to all different purposes on Android units. Ring’s com.ring.nh.deeplink.DeepLinkActivity would execute any internet content material given to it, as long as the deal with included the textual content /better-neighborhoods/.

That alone wouldn’t have granted entry to Ring information, however Checkmarx was ready to make use of a cross-site scripting vulnerability in Ring’s inner browser to level it at an authorization token. Subsequent, Checkmarx obtained a session cookie by authorizing that token and its {hardware} identifier at a Ring endpoint after which used Ring’s APIs to extract names, e mail addresses, cellphone numbers, Ring gadget information (together with geolocation), and saved recordings.

Checkmarx’s video, that includes footage checks and a hoodie-wearing hacker.

After which Checkmarx stored going. With entry to its personal instance customers’ recordings and any variety of machine-learning-powered pc imaginative and prescient providers (together with Amazon’s personal Rekognition), the safety agency went wide-angle. You may, the agency present in its checks, scan for:

  • Safes, and doubtlessly their mixtures
  • Photographs of paperwork containing the phrases “High Secret” or “Personal”
  • Identified celebrities and political figures
  • Passwords and passcodes
  • Kids, alone, in view of a Ring digital camera

To be clear, the vulnerability was seemingly by no means exploited within the wild. Checkmarx reported it on Could 1, Amazon confirmed its receipt the identical day, and a repair was launched (3.51.0 for Android, 5.51.0 for iOS). Checkmarx says that Amazon responded to the high-severity situation with acknowledgment but additionally deferral. “This situation can be extraordinarily troublesome for anybody to take advantage of as a result of it requires an unlikely and complicated set of circumstances to execute,” Amazon informed Checkmarx.

Erez Yalon, VP of safety analysis at Checkmarx, told The Record that taped-together vulnerabilities are coveted amongst hackers.

“Every can be problematic, however chaining them collectively, one thing hackers all the time attempt to do, made it so impactful.”

(Replace 1:50 p.m. ET: Up to date to right spelling of Erez Yalon’s identify. Ars regrets the error.)

Source link


Please enter your comment!
Please enter your name here