This dangerous Android security bug could let anyone hack your phone camera
Experts have warned about severalnew vulnerabilities affecting Google and Samsung smartphones which could allow an attacker to take control of a device’s camera app to remotely take photos, record video and even spy on user’s conversations and location.
The flaws were discovered by the Checkmarx security research team, which initially began researching the Google Camera app on a Pixel 2XL and Pixel 3 when they discovered multiple vulnerabilities stemming from permission bypass issues.
Checkmarx dug further and found that these same vulnerabilities also impact Samsung’s camera app and other Android smartphone vendors as well.
Director of security research at Checkmarx, Erez Yalon and senior security researcher at the company, Pedro Umbelino explained how they were able to use a rogue app to gain control of the Google Camera app in a blog post, saying:
“After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so.”
“Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data. This same technique also applied to Samsung’s Camera app.”
Camera app vulnerabilities
In order to exploit the vulnerabilities its team found in the Google Camera app, Checkmarx developed a malicious application as a proof of concept exploit. The weather app it created did not require any special permissions besides basic storage access which is a commonplace permission requested by many other apps on the Google Play Store.
However, in addition to its weather app, Checkmarx also set up a command and control server which the app connects to for the purpose of carrying out an attacker’s bidding. Once the app is installed and has been opened on a user’s device, it creates a…