An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos even when they don’t have specific device permissions to do so.
On Tuesday, Erez Yalon, Director of Security Research at Checkmarx, disclosed the bugs, tracked overall as CVE-2019-2234, which stem from permission bypass issues.
The team began investigating the security of smartphone camera capabilities by exploring the Google Camera app on a Google Pixel 2 XL and Pixel 3. They discovered that they were able to tamper with particular actions and, overall, make it “possible for any application, without specific permissions, to control the Google Camera app.”
According to researchers, by merely manipulating specific “actions and intents,” a malicious app can trick vulnerable camera apps into performing actions on behalf of the attacker, who can then steal photos and videos from the device storage after they are taken.
Since smartphone camera apps already have access to required permissions, the flaw could allow attackers to indirectly and surreptitiously take photos, record videos, eavesdrop on conversations, and track location — even if the phone is locked, the screen is off, or the app is closed.
The researchers' control over the camera app included taking photos and recording video, even if the target device was locked or the screen was turned off, or if the victim was in the middle of a phone call — all of which are potential attack vectors that could lead to surveillance and a serious invasion of privacy.
Checkmarx also said that other smartphone vendors making use of the Android operating system, namely Samsung, were vulnerable. As a result, it is possible that hundreds of millions of end-users could have been susceptible to exploitation.
How to stay safe from this flaw:
To protect yourself from attacks surrounding this vulnerability, ensure you are running the latest version of the camera app on your Android smartphone.
Besides this, you should also run the latest version of the Android operating system and regularly update the apps installed on your phone.