A vulnerability in the Ring Android app could have exposed users' personal data, location, and camera recordings.
Researchers at application security company Checkmarx discovered a flaw in the Amazon-owned home security system's app with over 10 million downloads.
Knowing this vulnerability, an attacker could trick victims into installing a malicious application that would eventually allow crooks to extract the customer's personal data, including full name, email, and phone number, and their Ring device's data geolocation, address, and recordings.
Exploiting the flaw, attackers could even "read sensitive information from computer screens and documents visible to the Ring cameras and to track people's movements in and out of a room."
Checkmarx reported their findings on May 1 through HackerOne, and on May 27, Amazon issued a patch.
"Based on our review, no customer information was exposed. This issue would be extremely difficult for anyone to exploit because it requires an unlikely and complex set of circumstances to execute," Amazon said.
Recently, Ring acknowledged it had shared data with law enforcement without the user's consent on 11 occasions this year, believing there was imminent danger of severe injury or death.
Senator Edward J. Markey released the latest findings from his probe into Amazon doorbell company Ring to highlight “the close relationship between Ring and law enforcement.”
According to his findings, Ring reported more than a five-fold increase in law enforcement partnerships on its platform since November 2019.
More from Cybernews:
Subscribe to our newsletter