New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings

Retail giant Amazon patched a high-severity security issue in
its Ring app for Android in May that could have enabled a rogue
application installed on a user’s device to access sensitive
information and camera recordings.

The Ring app for Android has over 10 million downloads and
enables users to monitor video feeds from smart home devices such
as video doorbells, security cameras, and alarm systems. Amazon
acquired the doorbell maker for about $1 billion in 2018.

Application security firm Checkmarx explained[1]
it identified a cross-site scripting (XSS) flaw that it said could
be weaponized as part of an attack chain to trick victims into
installing a malicious app.

CyberSecurity

The app can then be used to get hold of the user’s Authorization
Token, that can be subsequently leveraged to extract the session
cookie by sending this information alongside the device’s hardware
ID, which is also encoded in the token, to the endpoint
“ring[.]com/mobile/authorize.”

Armed with this cookie, the attacker can sign in to the victim’s
account without having to know their password and access all
personal data associated with the account, including full name,
email address, phone number, and geolocation information as well as
the device recordings.

This is achieved by querying the below two endpoints –

  • account.ring[.]com/account/control-center – Get the user’s
    personal information and Device ID
  • account.ring[.]com/api/cgw/evm/v2/history/devices/{{DEVICE_ID}}
    – Access the Ring device data and recordings

CyberSecurity

Checkmarx said it reported the issue to Amazon on May 1, 2022,
following which a fix was made available on May 27 in version
3.51.0. There is no evidence that the issue has been exploited in
real-world attacks, with Amazon characterizing the exploit as
“extremely difficult” and emphasizing that no customer information
was exposed.

The development comes more than a month after the company moved
to address a severe weakness[2]
affecting its Photos app for Android that could have been exploited
to steal a user’s access tokens.

References

  1. ^
    explained
    (checkmarx.com)
  2. ^
    severe
    weakness
    (thehackernews.com)

Read more

Leave a Reply