If you use Amazon’s Ring doorbells or security cameras and control those through the Ring Android app, you might want to check for an update for the app right away. The company recently patched a major security vulnerability in the app that could have leaked video footage to remote attackers. The bug was patched with version 3.51.0 of the app in late May.
Researchers at software security company Checkmarx discovered the vulnerability in the Ring Android app. According to the firm, bugs in the app allowed other apps on the same device access to its content. Along with video recordings and geolocation, it could also leak the user’s personal information, including full name, email, phone number, and address.
While developers of trusted apps wouldn’t look to exploit this vulnerability, bad actors could trick users to install malicious apps and gain access to the Ring app‘s content. This could lead to a devastating attack. With access to the camera feed, attackers could not only see the movement of people in the house but also gain access to sensitive information that the camera records. For example, the camera may record someone entering their login credentials or payment info on a mobile or computer screen.
Amazon has patched this vulnerability in the Ring Android app
Checkmarx reported this finding to Amazon on May 1. The company promptly responded to confirm receiving the report, acknowledging that it was a high-severity issue. On May 27, it released a patch to fix the vulnerability in the Ring Android app. In an official statement, Amazon said that it has no evidence of anyone exploiting this vulnerability to gain unauthorized access to customer information or video footage.
The company further added that the bug was extremely difficult to exploit. It required “an unlikely and complex set of circumstances to execute,” Amazon said. But it still posed a major threat to millions of people globally. The app has over ten million downloads on the Google Play Store.
Thankfully, it’s been three months since the patch was released. So most Ring customers may have already installed the new version of the app (v3.51.0 or higher). However, if you have auto-updates disabled and didn’t manually update the Ring app in the past few months, you might still be vulnerable to it. So make sure to check for an update immediately. You can click the button below to download the latest version of the app from the Play Store.