News Tech: Amazon has fixed a security flaw that endangered Ring camera users’ privacy. According to reports, the Android app for the Ring camera has a flaw that gave malicious programmes access to user data, including location, camera recordings, and other information.
The researchers discovered several security flaws in the software that a malicious party may attack in a series of ways, to put it briefly. They started by noting how simple it was for other programmes to access the app’s com.ringapp/com.ring.nh.deeplink.DeepLinkActivity activity. As a result, a malicious app that was also installed on the same device as the Ring Android app might start the activity and fool the user into downloading further harmful software.
In a recent study, CheckMarx said that its experts had found a serious security flaw in the Ring mobile app that put users’ privacy at danger.
Regarding this activity’s exploit, the researchers stated,
With this cookie, it was then possible to use Ring’s APIs to extract the customer’s personal data, including full name, email, and phone number, and their Ring device’s data, including geolocation, address, and recordings.
The researchers have shared the PoC exploit in the following video. Researchers from CheckMarx informed Amazon of the vulnerability after finding it. Amazon subsequently released versions 3.51.0 and 5.51.0 of the Ring app for Android and iOS users, respectively, to address the vulnerability. Amazon further guaranteed that the vulnerability in the wild would not be exploited.
There have been more than 10 million downloads of the Android app for Amazon’s Ring cameras. This means that millions of users’ privacy and security were also at risk due to the vulnerability. Users must make sure they update their devices as soon as feasible with the corrected releases once Amazon patched the vulnerability and the PoC exploit became public in order to minimise risks.
Check the latest news about tech news section for best information.