Android Camera bug allows apps to record videos without user’s knowledge


Android malware

Security researchers have discovered an important security hole in several Android camera applications. This breach, which could affect millions of users around the world. It would allow other applications to take photos and videos, and also to extract GPS coordinates embedded in the images already captured. Without any authorization from the user.

This security issue, referenced as CVE-2019-2234. It affects Google Camera and Samsung Camera apps that have not been updated since July 2019.

Attackers could hijack your Android Camera to spy on you

The team of researchers from Checkmarx who found this flaw, analyzed the Google Pixel camera application and discovered that several elements allows manipulating the smartphone’s camera to record videos or capture images.

In principle, specific permissions are required for applications to be able to access the camera and capture photos and videos. But the Checkmarx team discovered that apps that have permission to access the device’s storage, can access the camera app, without the user’s permission.

Gizchina News of the week


Google camera

They explain that malicious applications that have access to the device’s storage can not only access photos and videos stored on the device. But can now use this new method to take photos and videos. And even locate GPS coordinates embedded in EXIF ​​data for recorded photos and videos.

Android Camera: A flaw corrected last summer

To show the importance of their discovery, the researchers created a fake app that, like so many applications. Then request access to the device’s storage to function. Undercover of a weather app, it can take and send photos, videos to one of their demo servers. Without user knowledge.

The authors of this find have alerted Google of their discovery as early as July 4th. Google then confirmed the importance of the flaw and said it also affected the camera application of other brands, including Samsung. A corrective update was available in late July on the Play Store for all applications that have this bug.

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Source/VIA :
Read Also:  Google is completely redesigning the “Switch to Android” app!
Previous Nokia 5G now has 50 commercial contracts worldwide
Next Oppo ColorOS 7 adaptation schedule released