What you need to know
- Amazon has patched a security vulnerability in Ring’s Android app.
- The security flaw could have allowed bad actors to access users’ video footage by installing a malicious app on the same device.
- Amazon said that it had found no evidence of the vulnerability being exploited in the wild.
Amazon’s Ring doorbell cameras aren’t exactly the most secure home devices available, and a new report may provide further evidence to support this claim.
Security researchers at Checkmarx discovered a vulnerability (opens in new tab) in Ring’s companion app for Android phones after analyzing it. The software security firm found several bugs in the app that, when stitched together, could grant other apps on the same device access to it. In the worst-case scenario, these could be malicious applications that trick users into installing them.
In turn, it could have allowed bad actors to gain access to users’ video footage stored in a Ring video doorbell, according to Checkmarx. Furthermore, user data including full name, email address, phone number, and geolocation could have been exposed. The app containing the vulnerability has more than 10 million downloads.
However, Amazon told the security vendor that the vulnerability “would be extremely difficult for anyone to exploit, because it requires an unlikely and complex set of circumstances to execute.”
Amazon said that it had rolled out a fix for the issue on May 27 after Checkmarx reported the security flaw. Fortunately, the company found no evidence of customer data being exposed to malicious actors.
The latest vulnerability is the latest incident in which Ring figured in a security issue. In 2020, it was found that Amazon employees were allowed to view video footage, with access levels that went beyond what their job required. In July, the company also admitted to releasing 11 clips to law enforcement without user consent this year.
