Android Flaw Lets Rogue Apps Spy On You Through Your Phone’s Camera

Alvine Chaparadza Avatar

Researchers at security firm Checkmarx have uncovered several vulnerabilities in the camera apps of multiple Android smartphone made by Original Equipment Manufacturers (OEM) such as Google and Samsung.

As Checkmarx Senior Security Researcher Pedro Umbelino explains, the team started their investigation by having a look at the Google Camera app on Pixel 2 XL and Pixel 3 handsets. They found multiple vulnerabilities relating to “permission bypass issues” which could allow an attacker to use the app to take photos and record videos via a rogue app.

Attacks are even possible when a victim’s phone is locked, the screen is off and during voice calls. To demonstrate the various vulnerabilities, the team at Checkmarx designed a proof-of-concept app meant to look like an ordinary weather app. With it, they were successfully able to snap photos and videos without a user’s knowledge, grab GPS data from photos and even record audio from both sides of a conversation during voice calls. Check the demonstration below:

Hijacking Google Pixel Camera Application

Image for YouTube video with title Hijacking Google Pixel Camera Application viewable on the following URL

The Checkmarx team notified Google of their findings, who then confirmed that the issue wasn’t limited to their camera app but rather, extended into the general Android ecosystem.

Google and other OEMs have since fixed the vulnerability but you will need to make sure you are running the latest app updates to mitigate your vulnerability. As a general best practice, make sure you have the latest updates for each and every app on your mobile device.

Image credit: FirstPost

Also read: 4 Reason Why You Should Keep Your Apps Updated


What’s your take?

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed