Ring App Vulnerability Could Expose User’s Phone Data

Amazon recently patched a security vulnerability affecting the privacy of Ring camera users. As reported, the vulnerability existed in the Ring camera Android app that allowed malicious applications to access user’s phone data, including location, camera recordings, and more.

About The Ring App Vulnerability

According to a recent report from CheckMarx, their researchers discovered a significant security vulnerability Affecting the Ring mobile app that could risk users’ privacy.

Briefly, the researchers noticed multiple security issues with the app that an adversary could exploit in a chained manner. First, they observed the ease of accessibility to the app’s com.ringapp/com.ring.nh.deeplink.DeepLinkActivity activity for other applications. Hence, a malicious app installed on the same device as the Ring Android app could launch the activity and trick the user into installing other apps.

Regarding this activity’s exploit, the researchers stated,

This activity would accept, load, and execute web content from any server, as long as the Intent’s destination URI contained the string “/better-neighborhoods/”… The attacker-controlled web page could then interact with the WebView’s JavaScript interfaces, as long as it was served from a “ring.com” or “a2z.com” subdomain.

Then, they noticed a reflected XSS vulnerability in the cyberchef.schlarpc.people.a2z.com subdomain that could be chained with the above.

After that, the researchers demonstrated how an adversary could call the https://ring.com/mobile/authorize endpoint to obtain the rs_session cookie to take control of the target device and access Ring’s app data.

With this cookie, it was then possible to use Ring’s APIs to extract the customer’s personal data, including full name, email, and phone number, and their Ring device’s data, including geolocation, address, and recordings.

The researchers have shared the PoC exploit in the following video.

Amazon Quietly Deployed A Fix

After discovering this vulnerability, CheckMarx researchers reported the issue to Amazon. Subsequently, Amazon patched the vulnerability with the release of the Ring app versions 3.51.0 for Android, and 5.51.0 for iOS users. Amazon also assured no exploitation of the vulnerability in the wild.

The Android app for Amazon’s Ring cameras boasts over 10 million downloads. That means the vulnerability also posed a threat to the security and privacy of millions of users. Now that Amazon has patched the flaw and the PoC exploit is out, users must ensure updating their devices with the fixed releases as soon as possible to avoid any risks.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients