Categories: Data Security InfoSec News Vulnerabilities

A flaw in Amazon Ring could expose user’s camera recordings

Published by
RiSec.Mitch

Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings.

In May, Amazon fixed a high-severity vulnerability in its Ring app for Android that could have allowed a malicious app installed on a user’s device to access sensitive information and camera recordings.

The Ring app allows users to monitor video feeds from multiple devices, including security cameras, video doorbells, and alarm systems. The Android application has been downloaded over 10 million times.

Researchers from security firm Checkmarx discovered a vulnerability in the com.ringapp/com.ring.nh.deeplink.DeepLinkActivity activity, which was implicitly exported in the Android Manifest and, for this reason, it was accessible to other applications on the same device.

“These other applications could be malicious applications that users could be convinced to install.” reads the post published by the researchers. “This activity would accept, load, and execute web content from any server, as long as the Intent’s destination URI contained the string “/better-neighborhoods/”.”

The experts also identified a Reflected Cross-Site Scripting (XSS) issue in cyberchef.schlarpc.people.a2z.com, which can be chained with the previous one to install a malicious application on the device.

An attacker can use a rogue app to obtain the user’s Authorization Token, then can use it to extract the session cookie by sending this information to the endpoint “ring[.]com/mobile/authorize” along with the device’s hardware ID.

“This payload redirects the WebView to the malicious web page, which can access the __NATIVE__BRIDGE__.getToken() JavaScript Interface that grants access to an Authorization Token, which can then be exfiltrated to an attacker-controlled server.” continues the post. “This token is a Java Web Token (JWT), which is insufficient to authorize calls to Ring’s multiple APIs. Authorization is enforced using an rs_session cookie. However, this cookie can be obtained by calling the https://ring.com/mobile/authorize endpoint with both a valid Authorization Token plus the corresponding device’s Hardware ID.”

Once obtained the cookie, the attacker can access to the victim’s account and personal data associated with the account (i.e. full name, email address, phone number, and geolocation information).

Below is a video PoC published by the experts and the timeline for this issue:

  • 1-May-2022     Full findings reported to the Amazon Vulnerability Research Program
  • 1-May-2022     Amazon confirmed receiving the report
  • 27-May-2022   Amazon released a fix to customers in version .51 (3.51.0 Android , 5.51.0 iOS).

“We issued a fix for supported Android customers on May 27, 2022, soon after the researchers’ submission was processed. Based on our review, no customer information was exposed. This issue would be extremely difficult for anyone to exploit, because it requires an unlikely and complex set of circumstances to execute.” Amazon told to the experts.

source

Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmark Close
Social Comments Box
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 19 August 2022 1:36 PM

RiSec.Mitch

Just your average information security researcher from Delaware US.

Leave a Comment
Published by
RiSec.Mitch
Tags: amazon flaw Ring

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago