Santa Monica, California-based Ring.com's Twitter handle bio says "Simple, proactive whole home security. Bringing homeowners peace of mind since 2012."
A decade later, researchers at Checkmarx, a unicorn that claims to be the global application security testing leader believe Ring's claim may be flawed.
In an August 18 blog titled "Amazon quickly fixed a vulnerability in Ring Android App that could expose users' camera recordings", Checkmarx says Ring by Amazon's Android application that has been downloaded over 10 million times could have let a malicious application installed on the user's phone to expose their personal data such as full name, email, phone number, geolocation, and camera recordings.Wondershare Software
Proof Of Concept
Checkmarx offers you a proof of concept video about how this is possible.
In a timeline, Checkmarx researchers reported their full findings to the Amazon Vulnerability Research program on May 1, 2022. Amazon confirmed receiving it on the same day.
The timeline states Amazon then released a fix to customers on May 27, 2022 in version .51 (3.51.0 Android, 5.51.0 iOS).
Famous for designing long-lived typefaces marked by high performance and high style, Hoefler&Co creates the fonts.
In its response, Amazon while acknowledging this as a high-severity issue said that no customer information was exposed.
It further said that "This issue would be extremely difficult for anyone to exploit because it requires an unlikely and complex set of circumstances to execute."
Mashable says Ring video doorbell cameras have received criticism for their less than ideal security in the past adding "The device's footage is stored in the cloud, an infamously easy-to-hack space which Amazon employees can access."
In fact, Electronic Frontier Foundation on February 4, 2020 published an article "What to Know Before You Buy or Install Your Amazon Ring Camera" in which it said, "Ring is currently involved in a proposed class action lawsuit concerning a number of high profile incidents in which people were able to gain access to Ring cameras and use them to traumatize children and harass families."
Then, EFF says, Ring had blamed the incidents on customers for making the mistake of repeating usernames and passwords previously released in hacks.
EFF, however, called out Ring's negligence in enforcing standard issue protections that were available on other devices.
In its defense, Ring had indeed published a blog on Data Privacy Day, January 28, 2022 "Data Privacy Day: Ring’s Commitment to Our Customers" in which it exhorts its customers to "use complex passwords, and we encourage you to use unique email and password combinations. Sometimes, due to a data breach at another company, customers’ account usernames, email addresses, and passwords are exposed online."
Not convinced, Mashable says Ring by Amazon has given you another reason not to get a Ring camera.
Tom's Guide's alert is: "If you haven’t updated the Ring app for your Android smartphone recently, you should go ahead and install the latest version to prevent hackers from being able to gain access to the saved recordings from your home security cameras."
Save $20 on ESET Smart Security Premium!!! Shop Today!!