A dangerous Android Security Bug Which May Hack Your Phone Camera

Experts have sometimes warned about the vulnerabilities or susceptibilities which affect Google or Samsung Smartphones. It might allow the attackers to control the camera app of a device to remotely record videos, take photos or even scout on the conversations or location of a user. The faults were discovered by the Checkmarx security research team that initially start researching the Google Camera app in a Pixel 2XL and Pixel 3 at the time of discovering multiple liabilities.

Checkmarx dug also found that these similar liabilities also affect the camera app of the Samsung and also some other Smartphones as well.

• Simjaker attack may impact a billion of Smartphones.
• Some Smartphones of LG and Samsung are at risk from Qualcomm Security flaw.
• Also, inspect the most effective android antivirus apps.

The senior security researcher and also the director of the security research at the company explained how they were able to use a rouge app for gaining control of the Google Camera app in a blog post. After many analyses, the team members realized that an attacker may control the app to take photos or to record videos through a rouge application by manipulating some specific intents or actions. Apart from that, the team also found some attack scenarios which enabled the malicious actors to avoid many storage permission policies. It was also giving them access to the stored photos or videos and also the GPS metadata embedded in photos to locate the users by taking videos or a photo or to locate the users by taking a photo or video and parsing the proper EXIF data. The same technology also applied to the camera app of Samsung.

Camera App Liabilities

In order to utilize these obligations, the team found in the Google Camera App that Checkmarx developed a malicious application as a proof of concept exploit. The team created a weather app that did not need any special permissions apart from basic storage access which is common permission requested by many other apps on the Google Play Store. 

Apart from the weather app, he also set up a command and a control server which the app connects to carry out the command of the attacker. Once the app is done with its installation,  and then it has been opened on a user’s device. It creates a never-ending connection to the command and the control server to wait for the upcoming instructions.

In case, if a user wants to stop the app, it will still be connected to the server and an attacker could command to take videos, photos or to record audios or videos from voice calls, capture GPS tags from photos to access the data present on the device. All the photos or videos taken by the app which could be uploaded to the server. The concept developed by Checkmark which would even allow an attacker to take photos, record videos, can be used if the smartphone was locked.

Both Samsung and Google have issued for the vulnerabilities to prevent falling victim for a similar attack. For these issues, users should update their devices to the latest version of android to make sure that the latest security patches have been applied as well as updated their camera app. You should protect your devices with the best antivirus software.

Read More Article: Firefox Preview For Android