An Android operating system vulnerability has been disclosed that affects its built-in camera app. Hackers could manage this through a rogue Android app. Checkmarx also discovered that hackers had the potential to access videos and photos saved on the phone.
Through this, the app could take photos and record videos, silencing the smartphone so no shutter noise would alert the user, then upload them to the command server. Checkmarx also explained how storage permissions for SD card data can be easily exploited.
Having missed out on the previous Android P beta program, Samsung was expected to have at least one device in Google's Android Q beta testing program that kicked off in May 2019 after the I/O event, but the Korean company didn't participate.
If you're an Android user, you need to read this article carefully and consider taking action, because there's a fair chance that hackers could be watching what your smartphone's cameras are seeing, and listening in on your private phone calls as well.
Even though both Google LLC and Samsung Electronics Co.
Marcus Rashford warns Man Utd teammates top-four finish is not enough
Manchester United loanee Dean Henderson will not feature for Sheffield United Kingdom when Premier League actions return this weekend.
This incident of turning a phone into a spy camera became viral in a Facebook bug which required the owner of the iPhone to open the camera, but requiring user permission first before it can be accessed. After initially setting the severity of the vulnerability as moderate, Google raised it to high and began contacting other smartphone vendors.
If you haven't updated your device's camera app in a while, try checking for updates via the Google Play Store.
To drive the point home of exactly how unsafe this latest breach is, the research team "designed and implemented a proof-of-concept app that doesn't require any special permission beyond the basic storage permission". "There are a large number of applications, with legitimate use-cases, that request access to this storage, yet have no special interest in photos or videos", said the researchers.
Although both Google and Samsung have released patches - Google in July and Samsung in August - the ongoing concern is that older Google and Samsung devices that do not receive updates as well as devices from other manufacturers remain vulnerable.
Google has said, "We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure". The camera activity, com.google.android.GoogleCamera/com.android.camera.CameraActivity, was also an exported activity, meaning that other apps could call for it. "For proper mitigation and as a general best practice, ensure you update all applications on your device", says the company.