a flaw allowed to spy on Android users

A security flaw has been identified in the Amazon Ring Android app. Thanks to this vulnerability, malware was free to steal users’ personal data and view videos recorded by doorbells and cameras. A fix has been deployed.

Checkmarx security researchers discovered a security flaw in Amazon Ring’s Android app. The companion application allows you to configure, control and access the brand’s connected doorbells and cameras. It has been downloaded over 10 million times on the Google Play Store since it went live.

In a report published on August 18, 2022, experts explain that they have identified a vulnerability in the code of the application. By exploiting this breach, a malicious program installed on the smartphone could theoretically have access personal data of the user.

On the same subject: a series will compile the best videos recorded by Amazon Ring doorbells

Ring customers’ personal data was at risk

Sensitive data includes the user’s full name, email address, phone number, and geolocation of the connected doorbell. De facto, home address could have been inferred by malicious actors.

Above all, the malicious application could have grab videos stored on the Ring doorbell. Equipped with a camera, it keeps a record of individuals who have pressed the bell, such as a relative or the postman. It can also start filming if a movement is spotted nearby. These sequences could have been used to organize a burglary or to blackmail the users.

Note that it is not uncommon for malware to target Android smartphones. Recently, Bitdefender discovered 35 Android apps hiding malware on the Play Store. A few days earlier, TrendMicro spotted 17 malicious applications on the Google store capable of siphoning off all your data.

Amazon has deployed a patch on Android

Contacted by Checkmarx, Amazon promptly deployed a patch to protect its users from a serious problem”. The American giant believes thatno hacker exploited the breach to carry out an attack. It took less than 30 days for Amazon to start deploying a patch.

“We deployed a hotfix for Android customers on May 27, 2022, shortly after the researchers’ discovery was addressed. Based on our review, no customer information was exposed. This flaw would be extremely difficult for anyone to exploit, as it requires an unlikely and complex set of circumstances to execute.”tempers Amazon.

This isn’t the first time Ring device security has come under fire. In 2019, a hacker took control of the Ring camera from an American family. After spying on everyone for several days, he used the camera speakers to terrorize a little girl. A few months later, Amazon Ring revealed that it had laid off several employees for viewing videos recorded by customer cameras.

Source :

checkmarx

Leave a Comment