Android camera app can be hacked to spy on you, show researchers
An attacker hacking into your Android phone’s camera app to view your surroundings and record you is a scary thought but more likely than you probably thought. A recent report published by Israeli security research firm Checkmarx reveals that the camera app from Google and Samsung contains vulnerabilities, which, when exploited, could allow an attacker to gain complete control over the app even if the app’s permissions (for storage, location, etc.) are locked.
In a detailed report and video published a few days ago, the researchers at Checkmarx demonstrate that their mock-up app—a seemingly harmless weather app—was able to hijack the default camera app on a Google Pixel 2 XL running Android 9 Pie. The video shows that Checkmarx’s app was able to record videos, take photos, bypass the camera app’s permissions, access stored media, and retrieve the user’s location through the media file’s GPS metadata.
The report mentions that this sort of a hijack is possible with Samsung’s camera app as well. The report goes on to mention that Google responded by acknowledging the problem and letting Checkmarx know that a fix had already been sent out in July earlier in the year. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
In the video, the researchers also show a real-life scenario in which this sort of an attack could be dangerous to the user and their data. In the video, an attacker is seen making a call to the victim. When the victim places the phone against their ear, the attacker runs the mock-up hijack app to record video through the phone’s rear camera. The recorded video captures the sensitive data that’s viewed on user’s external display, thus letting the attacker steal data using the hijack app.
from Latest Technology News https://ift.tt/2Obai0J
No comments