An Android vulnerability was recently detected on the Google Camera app and Samsung’s camera app that allowed hackers to exploit the phone’s camera app even without the user’s permission.
The Android vulnerability was classified as CVE-2019-2234 and was discovered by Checkmarx Security Research Team. The security researchers discovered that the Pixel 2 XL and Pixel 3 camera app had permission bypass issues. The same vulnerability was found on the Samsung camera app as well affecting hundreds of millions of smartphones.
This vulnerability gave hackers control of the smartphone’s camera and use it to capture photos and record videos as well. They could manage this through a rogue Android app, while also having the potential to access videos and photos saved on the phone. More intricate details like the GPS metadata and EXIF data of the photos could be attained by hackers.
Checkmarx also explained how storage permissions for SD card data can be easily exploited. This exploitation could take place even during voice calls where the hacker could record the entire conversation of the caller and receiver both.
“In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was is in the middle of a voice call,” Checkmarx explained.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
