Researchers have spotted a critical vulnerability affecting the Amazon Photos app on Android.
When exploited this could allow a malicious application installed on the user’s phone to steal their Amazon access token.
The Amazon access token is used to authenticate users across various Amazon API that contain personally identifiable information that could be exposed during attacks. Other APIs, like the Amazon Drive API, could allow threat actors to gain full access to the user’s files.
The vulnerability derived from a misconfiguration of one of the Photos app’s components, which would allow external applications to access it.
When initiated HTTP request that carried a header with the customer’s access token. The server receiving the request could then be controlled. Ransomware possibility also not eliminated.
Upon discovering this set of vulnerabilities, first action by the researchers was to contact the Amazon Photos development team.
Due to high potential impact of the vulnerability and the high likelihood of success in real attack scenarios, Amazon considered this a high severity issue and released a fix for it soon after it was reported.
This research and documentation was done by Checkmarx.