What do you want to know
- Amazon has fixed a security flaw in Ring’s Android app.
- The security flaw could have allowed bad actors to access users’ video footage by installing a malicious app on the same device.
- Amazon said it found no evidence the vulnerability was being exploited in the wild.
Amazon’s Ring doorbell cameras aren’t exactly the most secure home devices available, and a new report could provide further evidence to support that claim.
Security Researchers at Checkmarx discovered a vulnerability (opens in a new tab) in Ring’s companion app for Android phones after scanning it. The software security company found several bugs in the app which, when put together, could allow other apps on the same device to access it. In the worst case, it can be malicious apps that trick users into installing them.
This, in turn, could have allowed bad actors to access users’ video footage stored in a Ring Video Doorbell, according to Checkmarx. Additionally, user data including full name, email address, phone number, and geolocation might have been exposed. The app containing the vulnerability has over 10 million downloads.
However, Amazon told the security vendor that the vulnerability “would be extremely difficult for anyone to exploit, as executing it requires an unlikely and complex set of circumstances.”
Amazon said it rolled out a patch for the issue on May 27 after Checkmarx reported the security flaw. Fortunately, the company found no evidence that customer data was exposed to malicious actors.
The latest vulnerability is the latest incident in which Ring has featured in a security issue. In 2020, Amazon employees were found to be allowed to view video footage, with levels of access that went beyond what their jobs required. In July, the company also admitted to streaming 11 clips to law enforcement without user consent this year.