New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings

Retail giant Amazon fixed a very serious security issue in its Ring app for Android in May that could have allowed a malicious app installed on a user’s device to access sensitive information and camera recordings.

The Ring app for Android has over 10 million downloads and allows users to monitor video feeds from smart home devices such as video doorbells, security cameras and alarm systems. Amazon acquired the doorbell maker for around $1 billion in 2018.

Application security firm Checkmarx explained it has identified a cross-site scripting (XSS) flaw that it believes could be weaponized as part of an attack chain to trick victims into installing a malicious application.


cyber security

The application can then be used to obtain the user’s authorization token, which can then be exploited to extract the session cookie by sending this information along with the device’s hardware ID, which is also encoded in the token, at the “ring” endpoint[.]com/mobile/allow.”

Armed with this cookie, the attacker can log into the victim’s account without having to know their password and gain access to all personal data associated with the account, including full name, email address, number phone number and geolocation information as well as device records.

This is achieved by querying the two endpoints below –

  • account.ring[.]com/account/control-center – Get user personal information and device ID
  • account.ring[.]com/api/cgw/evm/v2/history/devices/{{DEVICE_ID}} – Access Ring device data and records
cyber security

Checkmarx said it reported the issue to Amazon on May 1, 2022, after which a fix was made available on May 27 in version 3.51.0. There is no evidence that the issue has been exploited in actual attacks, with Amazon calling the exploit “extremely difficult” and stressing that no customer information was exposed.

The development comes more than a month after the company decided to address a serious weakness in its Photos app for Android that could have been exploited to steal a user’s access tokens.

Leave a Comment