Amazon Ring | Breaking Cybersecurity News | The Hacker News

Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018. Application security firm Checkmarx  explained  it identified a cross-site scripting (XSS) flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app. The app can then be used to get hold of the user's Authorization Token, that can be subsequently leveraged to extract the session cookie by sending this information alongside the device's hardware ID, which is also encoded in the token, to the endpoint "ring[.]com/mobile/authorize." Armed with th...

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out. To that effect, the company intends to register all compatible devices that are operational in the U.S. into an ambitious location-tracking system called Sidewalk as it prepares to roll out the shared mesh network in the country. Originally  announced  in September 2019,  Sidewalk  is part of Amazon's efforts to build a long-range wireless network that leverages a combination of Bluetooth and 900 MHz spectrum ( FSK ) to help Echo, Ring, Tile trackers, and other Sidewalk-enabled devices communicate over the internet without Wi-Fi. Sidewalk is designed to extend the working range of low-bandwidth devices, and help devices stay connected even if they are outside the range ...

"A boxer derives the greatest advantage from his sparring partner…" — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn't Blue's first day and despite his solid defense in front of the mirror, he feels the pressure. But something changed in the ring; the variety of punches, the feints, the intensity – it's nothing like his coach's simulations. Is my defense strong enough to withstand this? He wonders, do I even have a defense? His coach reassures him "If it weren't for all your practice, you wouldn't have defended those first jabs. You've got a defense—now you need to calibrate it. And that happens in the ring." Cybersecurity is no different. You can have your hands up—deploying the right architecture, policies, and security measures—but the smallest gap in your defense could let an attacker land a kn...