News (38224) Mash (23407) Engadget (14817)

Translate

Amazon sneakily fixed a vulnerability in the Ring camera

Ring cameras

There are plenty of reasons not to get a Ring camera, and the Amazon-owned home security system company just gave us another.

In May, Ring sneakily fixed a "high-severity" security vulnerability in its Android app that could've exposed users' camera recordings, full name, email, phone number, geolocation, and address, according to researchers from the security company Checkmarx. And the company kept it quiet, TechCrunch reported. The Android app has been downloaded more than 10 million times.

Checkmarx researchers discovered the vulnerability while they were analyzing Ring's Android app and found that it had several bugs. All those bugs combined could have let attackers exploit the app and the users.

Amazon told Checkmarx that it issued a fix for the problem on May 27. 

"Based on our review, no customer information was exposed," Amazon said. "This issue would be extremely difficult for anyone to exploit, because it requires an unlikely and complex set of circumstances to execute."

This isn't the first time Ring video doorbell cameras have come under fire for their less than ideal security. The device's footage is stored in the cloud, an infamously easy-to-hack space which Amazon employees can access. And according to the Electronic Frontier Foundation, bad actors have accessed Ring cameras time and time again and "used them to traumatize children and harass families." 

So it's great that Checkmarx found these vulnerabilities and that Amazon fixed them. But wouldn't it be easier if we just… stopped buying them?


via IFmashable.com

Subscribe to receive free updates:

0 Response to "Amazon sneakily fixed a vulnerability in the Ring camera"

Post a Comment