News Tech: You might want to immediately check for an update for the Ring Android app if you use Amazon’s Ring doorbells or security cameras and manage those through the app. A critical security flaw in the app that could have allowed video footage to be exposed to remote attackers was recently addressed by the business. In late May, the app’s version 3.51.0 included a fix for the issue. The vulnerability in the Ring Android app was found by researchers at the software security firm Checkmarx. The company claims that because of bugs in the app, other apps on the same device were able to access its content. It may also leak the user’s private information, such as full name, email, phone number, and address, in addition to video recordings and geolocation.
Checkmarx reported this finding to Amazon on May 1. The company promptly responded to confirm receiving the report, acknowledging that it was a high-severity issue. On May 27, it released a patch to fix the vulnerability in the Ring Android app. In an official statement, Amazon said that it has no evidence of anyone exploiting this vulnerability to gain unauthorized access to customer information or video footage. The company further added that the bug was extremely difficult to exploit. It required “an unlikely and complex set of circumstances to execute,” Amazon said. But it still posed a major threat to millions of people globally. The app has over ten million downloads on the Google Play Store.
While developers of trusted apps wouldn’t look to exploit this vulnerability, bad actors could trick users to install malicious apps and gain access to the Ring app‘s content. This could lead to a devastating attack. With access to the camera feed, attackers could not only see the movement of people in the house but also gain access to sensitive information that the camera records. For example, the camera may record someone entering their login credentials or payment info on a mobile or computer screen.
Thankfully, it’s been three months since the patch was released. So most Ring customers may have already installed the new version of the app (v3.51.0 or higher). However, if you have auto-updates disabled and didn’t manually update the Ring app in the past few months, you might still be vulnerable to it. So make sure to check for an update immediately. You can click the button below to download the latest version of the app from the Play Store. Sumit is passionate about technology and has been professionally writing on tech since 2017. He’s a mathematics graduate by education and enjoys teaching basic mathematics tricks to school kids in his spare time. Sumit believes in artificial intelligence and dreams of a fully open, intelligent and connected world.
Check the latest news about tech news section for best information.