Elliot Alderson @fs0c131y
<Thread> A few days ago, @Gizmodo published an awesome investigation about the Neighbors app by @ring. The article does an excellent job, but no technical details are given. So I decided to take a look at the crime-alert app made by Amazon. 1/ gizmodo.com/ring-s-hidden-… 5:02 AM - 20 Dec 2019
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
In the article, @dellcam explained that by examining the network traffic of the Neighbors app, we can get the geographic coordinates of a camera. 2/ pic.twitter.com/2RQvgQ8550
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
So I installed the app on a phone, intercepted the traffic and used all the possible features of the app. 3/ play.google.com/store/apps/det…
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
Bingo! When the app retrieves the details of an alert, the geographic details of the camera are in the response. 4/ pic.twitter.com/nkBKxDmOqm
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
This is what an alert looks like in the app. The location of the camera is not given, only "X miles away". This is a clear leak of personal information from @ring. 5/ pic.twitter.com/EaNYyFOwHD
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
In his article, @Gizmodo mentioned the work of Dan Calacci, a PhD student at the Massachusetts Institute of Technology's (MIT) Media Lab. He managed to enumerate the location of all the @ring cameras in the US. How did he do it? 6/ pic.twitter.com/xBB5EXAJ2O
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
This is quite easy. In the "get alert details" request you just have to change the alert id: /api/alerts/<alert_id> 7/ twitter.com/fs0c131y/statu…
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring @dellcam
As a result, you will have the location of the @ring cameras that shared an alert at least once in the past. 8/
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
In another article, @josephfcox from @VICE mentioned that some hackers are able to crack @ring accounts. How are they doing that? 9/ vice.com/en_us/article/…
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
Unfortunately, this is quite easy. An attacker has two choices: - use a list of already compromised combinations from other services - if you know the victim's email, you can brute-force the password. There is no rate limitation on the server side... 10/ pic.twitter.com/Pp4TzIcF5E
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
I successfully brute-forced my own account... 11/ pic.twitter.com/rUY28G5PgW
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
Also, there is no authentication to access the videos of alerts shared by @ring users. 12/ nhshare.ring.com/17148411/00059…
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
No authentication to access the photos either... 13/ nhshare.ring.com/7707699/000581…
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
Don't tell anyone, but if you want to have fun, the API and the staging env URLs are available in the app. 14/ pic.twitter.com/jBf6I36U1V
Elliot Alderson @fs0c131y · Dec 20 · Replying to @Gizmodo @ring and 3 others
That's the end. Don't buy a product with such lousy security. 15/15 pic.twitter.com/F4bWdBZCvS