Amazon addresses vulnerability in Ring app for Android

Amazon has posted an update for its Ring for Android app due to a vulnerability discovered by the Checkmarx company, which specializes in application code scanning. The vulnerability was exploiting an exposed deeplink/intent within the Ring application, allowing a bad actor to access recordings.

1660835155235.png


Looking at a vulnerability, with the potential of getting an attacker more videos than they can investigate, the researchers decided to take it one step further by using a computer vision technology that is capable of video analysis. We could have used Google Vision, Azure Computer Vision, or any other service, but we decided to go with the excellent Amazon Rekognition service. Rekognition can be used to automate the analysis of these recordings and extract information that could be useful for malicious actors.Rekognition can scan an unlimited number of videos and detect objects, text, faces, and public figures, among other things.


To further demonstrate the impact of this vulnerability, the researchers showed how this service could be used to read sensitive information from computer screens and documents visible to the Ring cameras and to track people’s movements in and out of a room.
Click to expand...


More details can be found on the Checkmarx website.
 
Click to expand...
You must log in or register to reply here.

Similar threads

pete_c
Hackers infect 500,000 consumer routers all over the world with malware
Replies
7
Views
771
pete_c
pete_c
pete_c
Key Reinstallation Attacks
Replies
12
Views
1K
pete_c
pete_c
pete_c
Patch your Chrysler vehicle before hackers kill you - Published July 21, 2015
Replies
14
Views
1K
pete_c
pete_c
Back
Top