After Amazon-owned Ring had an opportunity to address a flaw in May discreetly, Checkmarx reported the bug that could watch a customer's recorded camera footage.
Checkmarx Uncovered a Security Weakness From Amazon's Ring App
Security researchers discovered a method to see a user's Ring security camera video earlier this year by breaking into the service's Android app.
After the Amazon-owned Ring had a chance to covertly fix the issue in May, cybersecurity company Checkmarx revealed the bug on August 18.
Specifically, the process "com.ringapp/com.ring.nh.deeplink.DeepLinkActivity" in the Android app for Ring cameras was vulnerable. This process was accessible to other Android applications running on the same device. This made it possible for malicious software to get access to the Ring app after being installed on the same Android phone.
The ability to view a customer's recorded camera footage might have permitted a wide variety of nefarious activity, from extortion to data theft, given that the Ring Android app has over 10 million downloads and is used by individuals all over the globe.
Further study revealed that they could execute the assault, according to Checkmarx researchers. As long as the Intent's target URI included the string "/better-neighborhoods/," Ring's Android app "would accept, load, and execute web content from any server," the firm said in a blog post.
The Checkmarx proof-of-concept attack loads a web page configured to access and steal an authorization token for the Ring service via a rogue Android app. The customer's personal information, including complete name, email, and phone number, as well as the data from their Ring device, including geolocation, address, and recordings, may then be extracted using this token by using Ring's APIs.
The attack can't infect Ring-enabled Android phones. If a hacker succeeds, confidential information may be exposed. Checkmarx researchers also revealed how an attacker might utilize Amazon's Rekognition machine vision technology to scan Ring customer videos for private information.
Amazon-Owned Businesses are Developing a TV Program Using Ring's Doorbell and Smart Home Camera videos.
Ring and Hollywood studio MGM, two Amazon-owned businesses, are collaborating to produce a TV program in the style of "America's Funniest Home Videos" using popular video from Ring's doorbell and smart home cameras.
Wanda Sykes, an actor and comedian will host the half-hour program "Ring Nation," which will make its syndication debut on September 26.
The studio warned viewers to anticipate seeing the typical viral fare, such as marriage proposals, neighbors helping neighbors, and hilarious animals.
The show demonstrates how Amazon's many business units cooperate, this time to showcase what MGM termed fascinating occurrences from different American neighborhoods.
According to Robert Passikoff, CEO of the brand intelligence firm Brand Keys, "You have one organization that owns two juggernauts and just worked out how to use one against the other." In comparison to written movies or television shows, he noted that a reality series using Ring video would likely be less expensive to make.
The program offers a branding opportunity for the Seattle-based e-commerce and retail behemoth, which acquired Ring in 2018 for $1 billion and has had to address several privacy issues relating to the app and its interactions with law enforcement agencies around the nation.
Amazon said last month that it had 11 times this year sent Ring doorbell footage to law enforcement without the user's consent, all in response to emergency demands, the company said.