Amazon's Ring Patches Flaw That Could've Let Hackers Access Camera Footage

pcmag.com:

Earlier this year, security researchers uncovered a way to access a customer’s Ring security camera footage by hacking the Android app for the service. 

On Thursday, cybersecurity vendor Checkmarx disclosed(Opens in a new window) the flaw after the Amazon-owned Ring had a chance to quietly patch the problem in May. 

The vulnerability involved a function in the Android app for Ring cameras, specifically in the process "com.ringapp/com.ring.nh.deeplink.DeepLinkActivity," which was accessible to other Android apps on the same device. This paved the way for a malicious app installed on the same Android phone to hijack access to the Ring app. 

Checkmarx researchers investigated further and found they could pull off the attack. Ring’s Android app "would accept, load, and execute web content from any server, as long as the Intent's destination URI contained the string ‘/better-neighborhoods/,'" the company wrote in a blog post. 

The proof-of-concept attack from Checkmarx uses a malicious Android app to load up a web page that's rigged to access and steal an authorization token for the Ring service. This token can then be used to exploit Ring’s own APIs to “to extract the customer’s personal data, including full name, email, and phone number, and their Ring device’s data, including geolocation, address, and recordings.”

The limitation to the attack is convincing a Ring customer who uses an Android phone to install the malicious app. But if a hacker can pull this off, then the customer’s most private information can be exposed. Checkmarx researchers also took their proof-of-concept attack further by showing how Amazon’s own computer vision technology, called Rekognition, could be used to help an attacker quickly sift through a