Google and Samsung smartphones reportedly had a serious security flaw that could allow spying on users. The vulnerability existed in the Android Camera app and would permit covert picture-taking and video recording.
Researchers from Checkmarx have made an important discovery. They have found a vulnerability in the Android Camera app that affects most Samsung and Google phones. Exploiting the bug could allow a potential attacker to take control of the device’s camera. Consequently, the camera would continue running in the background without users’ input. This would pose a risk to users’ privacy, as the camera could record videos and take pictures without consent.
In brief, the vulnerability (CVE-2019-2234) allowed unauthorized apps to bypass granted permissions. Hence, through a rogue app, an attacker could access the device camera. Moreover, exploiting the vulnerability could also allow access to stored pictures and videos, and the user’s GPS location.
The following video demonstrates how the attack would proceed, even in a real-world scenario.
Researchers have shared their findings in brief in a blog post. They also shared a detailed technical report with the OEMs informing them of the flaw.
The researchers tested Google Pixel 2 XL and Pixel 3 to find the bug. Furthermore, they observed that the same vulnerability also affected Samsung devices.