Ring
Amazon discreetly but quickly corrected a vulnerability in its Ring application which could have exposed the recordings of user cameras and other data, according to the security company Checkmarx.
Checkmarx researchers write in a blog post that Ring’s Android app, downloaded over 10 million times, has made activity available to all other apps on Android devices. Rings com.ring.nh.deeplink.DeepLinkActivity would perform any web content provided to it, as long as the address includes the text /better-neighborhoods/.
That alone wouldn’t have allowed access to Ring’s data, but Checkmarx was able to use a cross-site scripting vulnerability in Ring’s internal browser to direct it to an authorization token. Then CheckMarx obtained a session cookie by authorizing this token and its hardware identifier on a RING endpoint, then used Ring’s APIs to extract names, email addresses, phone numbers, device data ring (including geolocation) and recorded recordings.
https://www.youtube.com/watch?v=EJ5QSX4FDKS
Checkmarx’s video, with sequence tests and a hacker wearing a hooded sweatshirt.
And then Checkmarx continued. With access to its own sample user records and a number of machine learning-based computer vision services (including Amazon’s Rekognition), the security firm has gone wide-angle. You could, the firm found it in its tests, search:
- Fortunes, and possibly their combinations
- Images of documents containing the words “top secret” or “private”
- Known celebrities and political figures
- Passwords and access codes
- Children, alone, in front of a ring camera
To be clear, vulnerability has apparently never been exploited in the wild. Checkmarx reported it on May 1, Amazon confirmed its reception on the same day and a correction was published (3.51.0 for Android, 5.51.0 for iOS). Checkmarx says that Amazon responded to the high -selling problem with a receipt of receipt but also a postponement. “This problem would be extremely difficult for anyone to exploit because it requires an improbable and complex set of circumstances to execute,” Amazon told Checkmarx.
Erez Jones, Vice-President of Security Research at Checkmarx, told The Record that the vulnerabilities recorded together are coveted by the pirates.
“Each would be problematic, but stringing them together, something hackers always try to do, made it so impactful.”
Ring
Amazon discreetly but quickly corrected a vulnerability in its Ring application which could have exposed the recordings of user cameras and other data, according to the security company Checkmarx.
Checkmarx researchers write in a blog post that Ring’s Android app, downloaded over 10 million times, has made activity available to all other apps on Android devices. Rings com.ring.nh.deeplink.DeepLinkActivity would perform any web content provided to it, as long as the address includes the text /better-neighborhoods/.
That alone wouldn’t have allowed access to Ring’s data, but Checkmarx was able to use a cross-site scripting vulnerability in Ring’s internal browser to direct it to an authorization token. Then CheckMarx obtained a session cookie by authorizing this token and its hardware identifier on a RING endpoint, then used Ring’s APIs to extract names, email addresses, phone numbers, device data ring (including geolocation) and recorded recordings.
https://www.youtube.com/watch?v=EJ5QSX4FDKS
Checkmarx’s video, with sequence tests and a hacker wearing a hooded sweatshirt.
And then Checkmarx continued. With access to its own sample user records and a number of machine learning-based computer vision services (including Amazon’s Rekognition), the security firm has gone wide-angle. You could, the firm found it in its tests, search:
- Fortunes, and possibly their combinations
- Images of documents containing the words “top secret” or “private”
- Known celebrities and political figures
- Passwords and access codes
- Children, alone, in front of a ring camera
To be clear, vulnerability has apparently never been exploited in the wild. Checkmarx reported it on May 1, Amazon confirmed its reception on the same day and a correction was published (3.51.0 for Android, 5.51.0 for iOS). Checkmarx says that Amazon responded to the high -selling problem with a receipt of receipt but also a postponement. “This problem would be extremely difficult for anyone to exploit because it requires an improbable and complex set of circumstances to execute,” Amazon told Checkmarx.
Erez Jones, Vice-President of Security Research at Checkmarx, told The Record that the vulnerabilities recorded together are coveted by the pirates.
“Each would be problematic, but stringing them together, something hackers always try to do, made it so impactful.”
