Ring patched an Android bug that could have exposed video footage

 In Amazon, Biz & IT, Computer Vision, machine learning, ring, Security, video surveillance

Ring patched an Android bug that could have exposed video footage

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Ring camera images give you a view of what's happening and, in one security firm's experiments, a good base for machine learning surveillance.

Enlarge / Ring camera images give you a view of what’s happening and, in one security firm’s experiments, a good base for machine learning surveillance. (credit: Ring)

Amazon quietly but quickly patched a vulnerability in its Ring app that could have exposed users’ camera recordings and other data, according to security firm Checkmarx.

Checkmarx researchers write in a blog post that Ring’s Android app, downloaded more than 10 million times, made an activity available to all other applications on Android devices. Ring’s com.ring.nh.deeplink.DeepLinkActivity would execute any web content given to it, so long as the address included the text /better-neighborhoods/.

That alone would not have granted access to Ring data, but Checkmarx was able to use a cross-site scripting vulnerability in Ring’s internal browser to point it at an authorization token. Next, Checkmarx obtained a session cookie by authorizing that token and its hardware identifier at a Ring endpoint and then used Ring’s APIs to extract names, email addresses, phone numbers, Ring device data (including geolocation), and saved recordings.

Read 5 remaining paragraphs | Comments

After a chain of attacks, security firm got access to locations and recordings.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt