Android Camera App Vulnerability Could Allow Attackers to Spy On Users


Google and Samsung smartphones reportedly had a serious security flaw that could allow attackers to spy on users. The vulnerability existed in the Android Camera app and would permit covert picture-taking and video recording.

Android Camera App Vulnerability Discovered

Researchers from Checkmarx have found a vulnerability in the Android Camera app that affects most Samsung and Google phones. Exploiting the bug could allow a potential attacker to take control of the device's camera. Consequently, the camera could keep running in the background without the user's input. This poses a risk to users' privacy, as the camera could record videos and take pictures without consent.

In brief, the vulnerability (CVE-2019-2234) allowed unauthorized apps to bypass granted permissions. Hence, through a rogue app, an attacker could access the device camera. Moreover, exploiting the vulnerability could also allow access to stored pictures and videos, and to the user's GPS location.

The following video demonstrates how the attack would proceed, even in a real-world scenario.

Researchers have shared their findings in brief in a blog post. They also shared a detailed technical report with the OEMs informing them of the flaw.

Patch Now To Remain Safe

The researchers tested Google Pixel 2 XL and Pixel 3 to find the bug. They also observed that the same vulnerability affected Samsung devices.

Upon discovering the vulnerability, the researchers informed Google and Samsung about the flaw. In response, Google patched the vulnerability with its July 2019 updates, as confirmed in its statement to Checkmarx:

"We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."

According to ZDNet, Samsung has also addressed this issue:

"Since being notified of this issue by Google, we have subsequently released patches to address all Samsung device models that may be affected. We value our partnership with the Android team that allowed us to identify and address this matter directly."

Recently, researchers also highlighted a flaw in Qualcomm-powered Android phones that could expose sensitive device information to potential attackers.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]