You might want to immediately check for an update for the Ring Android app if you use Amazon’s Ring doorbells or security cameras and manage those through the app. A critical security flaw in the app that could have allowed video footage to be exposed to remote attackers was recently addressed by the business. In late May, the app’s version 3.51.0 included a fix for the issue.
The vulnerability in the Ring Android app was found by researchers at the software security firm Checkmarx. The company claims that because of faults in the app, other apps on the same device were able to access its material. It could also expose the users’ private information, such as complete name, email, phone number, and address, in addition to video recordings and geolocation.
While the creators of reputable apps wouldn’t try to take advantage of this flaw, criminal actors may deceive users into installing rogue apps and access the content of the Ring app. This might result in a devastating assault. Attackers who had access to the video stream were able to view not only who was moving around the house but also sensitive data that the camera recorded. For instance, the camera might capture someone entering their payment information or login credentials on a smartphone or computer screen.
Advertisement THE RING ANDROID APP VULNERABILITY HAS BEEN PATCHED BY AMAZON Checkmarx informed Amazon of this discovery on May 1. The business acknowledged that it was a high-severity issue in its immediate confirmation that it had received the report. It published a patch on May 27 to address the Ring Android app’s vulnerability. According to an official statement from Amazon, there is no proof that anyone has taken advantage of this vulnerability to obtain unauthorized access to consumer data or camera footage.
The business said that it would be quite challenging to use the defect. To execute, Amazon said requires a rare and complicated set of circumstances. Yet it continued to represent a serious hazard to millions of people around the world. On the Google Play Store, the app has received over 10 million downloads.
Thankfully, the patch hasn’t been used in three months. Therefore, it’s possible that the majority of Ring users have already updated their app (v3.51.0 or higher). However, you might still be at risk if you have auto-updates turned off and haven’t manually updated the Ring app in the recent months. Therefore, be careful to check for an update right away. To download the most recent version of the app from the Play Store, click the button below.