Amazon has quietly fixed a serious flaw in its Photos application


Merouan Goumiri

July 04, 2022 at 10:10 a.m.


Amazon has quietly fixed a major flaw in its Photos application on Android.

The flaw (fortunately) went unnoticed, but it could have had serious consequences.

Amazon Photos: a critical flaw quietly fixed

Last November, researchers from Checkmarx, an Israeli app security company, found a critical flaw in the Amazon Photos app. They claimed that this vulnerability could easily have been exploited by malicious people to steal the access token from users of Android smartphones and tablets.

According to João Morais and Pedro Umbelino, both researchers at Checkmarx, “the Amazon access token is used to authenticate the user to several Amazon APIs, some of which contain personal data such as full name, email and address”. The cause is reported to be a misconfiguration of one of the application's components, named “com.amazon.gallery.thor.app.activity.ThorViewActivity”, present in the AndroidManifest.xml file.


Once the component is launched, the HTTP request is redirected to a server controlled by the attacker, which can allow malicious applications installed on the device to grab the user’s access token. The attacker would then have had the authorization to use the APIs for malicious purposes (deletion of Amazon Drive files, ransomware, etc.). In any case, Amazon fortunately fixed this flaw on December 18, 2021, just over a month after Checkmarx notified it of the problem. More fear than harm…


Source: The Hacker News


