advertisement

Android Flaw Lets Rogue Apps Spy On You Through Your Phone’s Camera

advertisement

Researchers at security firm Checkmarx have uncovered several vulnerabilities in the camera apps of multiple Android smartphone made by Original Equipment Manufacturers (OEM) such as Google and Samsung.

advertisement

As Checkmarx Senior Security Researcher Pedro Umbelino explains, the team started their investigation by having a look at the Google Camera app on Pixel 2 XL and Pixel 3 handsets. They found multiple vulnerabilities relating to “permission bypass issues” which could allow an attacker to use the app to take photos and record videos via a rogue app.

Attacks are even possible when a victim’s phone is locked, the screen is off and during voice calls. To demonstrate the various vulnerabilities, the team at Checkmarx designed a proof-of-concept app meant to look like an ordinary weather app. With it, they were successfully able to snap photos and videos without a user’s knowledge, grab GPS data from photos and even record audio from both sides of a conversation during voice calls. Check the demonstration below:

advertisement

The Checkmarx team notified Google of their findings, who then confirmed that the issue wasn’t limited to their camera app but rather, extended into the general Android ecosystem.

Google and other OEMs have since fixed the vulnerability but you will need to make sure you are running the latest app updates to mitigate your vulnerability. As a general best practice, make sure you have the latest updates for each and every app on your mobile device.

Image credit: FirstPost

Also read: 4 Reason Why You Should Keep Your Apps Updated


Quick NetOne, Telecel, Africom, And Econet Airtime Recharge

If anything goes wrong, click here to enter your query.


WhatsApp Discussions

Click to join a Techzim WhatsApp group:
https://chat.whatsapp.com/DmLxdWXYWiC33Fhn5aRKIS

If you find the group full, please notify us on +263 715 071 199 and we'll update the link.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.