Hundreds Of Millions Of Android Smartphones Are Vulnerable To This Camera Hack




Security researchers at Checkmarx have discovered a vulnerability in the camera application on Samsung, Google and many other Android smartphones which can be exploited for nefarious purposes.

Tracked as CVE-2019-2234, the security vulnerability can be used to hijack an Android user's phone camera to secretly take pictures, record video, eavesdrop and identify the GPS coordinates of the victim, even if the device is locked.

According to Erez Yalon, Director of Security Research at Checkmarx, the team began an investigation to see whether smartphone cameras are in any way exposing users to privacy risks. They used the Google Camera app on a Google Pixel 2 XL and Pixel 3, which led to the discovery of multiple vulnerabilities stemming from permission bypass issues.


"After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permission to do so," Erez Yalon said in a blog post.

The bug, which is present on Google, Samsung and other Android devices, presents several potential attack vectors that lead to surveillance as well as serious invasion of privacy on hundreds of millions of Android devices.

"Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data. This same technique also applied to Samsung's Camera app."

Google and Samsung were notified of the issue and security patches have been rolled out to address it.
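
A defender-side check for the class of exposure described above, added here as an illustration and not code from Checkmarx, Google or Samsung: it lists the components in an Android manifest that accept camera intents from any app without requiring a caller permission, so they can be reviewed. The manifest, package name and function name are constructed, and treating the exposure as exported components lacking `android:permission` is an assumption about the general Android mechanism, since the article does not give those details.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android intent actions that launch still or video capture.
CAMERA_ACTIONS = {
    "android.media.action.IMAGE_CAPTURE",
    "android.media.action.VIDEO_CAPTURE",
    "android.media.action.STILL_IMAGE_CAMERA",
    "android.media.action.VIDEO_CAMERA",
}

# Constructed manifest for a hypothetical camera app (not taken from any real APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.camera">
  <application>
    <activity android:name=".CaptureActivity">
      <intent-filter>
        <action android:name="android.media.action.VIDEO_CAMERA"/>
      </intent-filter>
    </activity>
    <activity android:name=".GuardedCapture" android:exported="true"
              android:permission="android.permission.CAMERA">
      <intent-filter>
        <action android:name="android.media.action.IMAGE_CAPTURE"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def unguarded_camera_entry_points(manifest_xml):
    """Return (component, camera actions) pairs any installed app can invoke."""
    app = ET.fromstring(manifest_xml).find("application")
    app_perm = app.get(ANDROID + "permission")  # inherited by components
    findings = []
    for comp in app:
        if comp.tag not in ("activity", "activity-alias", "service", "receiver"):
            continue
        exported = comp.get(ANDROID + "exported")
        # Before Android 12, a missing android:exported means "true" if a filter exists.
        reachable = exported == "true" or (
            exported is None and comp.find("intent-filter") is not None)
        guarded = comp.get(ANDROID + "permission") or app_perm
        hits = sorted({a.get(ANDROID + "name") for a in comp.iter("action")} & CAMERA_ACTIONS)
        if reachable and not guarded and hits:
            findings.append((comp.get(ANDROID + "name"), hits))
    return findings

if __name__ == "__main__":
    for name, actions in unguarded_camera_entry_points(SAMPLE_MANIFEST):
        print(f"review {name}: handles {', '.join(actions)} with no caller permission")
```

A finding is a prompt for review, not proof of a flaw: camera apps export capture activities by design, and the question is whether the component acts for a caller that lacks the permission itself.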

1 comment:

  1. Google and other companies are doing all this on purpose ... You see they also have a higher superior higher than them who uses these things to kill people and cover their tracks ... Just watch the movie "dark web" to get a glimpse of what I'm talking about
