An Android vulnerability allowed attackers to secretly record videos

Was Google Camera hacked? Leading application security firm Checkmarx has detailed multiple vulnerabilities. And you've found them in Android mobile phone camera apps from several leading providers, including Google and Samsung.

It was initially detected on Google Pixel 2 XL and Pixel 3 mobile phones. The vulnerabilities (CVE-2019-2234) come from  “permission bypass issues”.

These, They can potentially allow attackers to use third-party apps to take photos, record videos, and listen to phone calls without permission. Take it now!

Android vulnerability allowed to record videos without users knowing

Through Google Camera and other camera apps

According to an official Checkmarx blog post, A detailed analysis of the Google Camera app by the company's researchers found that by manipulating specific actions and intentions, an attacker can control the app to take photos and/or record videos through a rogue app that does not have permissions. to do it.

The vulnerability also apparently allows hackers or malicious users to bypass storage permission policies to access media files on the phone. As well as the GPS metadata to locate the user.

A test attack (PoC) designed and implemented by the researchers apparently shows that malicious apps will not need any special permissions beyond the basic storage permission.

"When the client launches the (malicious) app, it essentially creates a persistent connection back to the command and control (C&C) server and waits for commands and instructions from the attacker... Even closing the app doesn't terminate the persistent connection."the company said.

Once the device is compromised, the attacker can take photos and videos with the victim's phone and upload it to the C&C server. They can also potentially analyze all photos for GPS tags and locate the phone on a global map, thus determining the geographic location of the unsuspecting victim.

google room

Furthermore, the audio and video permission also allows the hacker to automatically record the phone calls from both sides of the conversation.

Upon being informed by the Checkmarx research team, Google investigated the matter on its own and found that the vulnerabilities were not specific to Pixel devices.

According to the search giant, the impact was much larger and spread to the broader Android ecosystem, affecting multiple vendors. However, the company says it addressed the issue via a Google Camera app update in July 2019 just days after being made aware of the problem.

Samsung also confirmed the findings and began taking steps to mitigate the issue. In this case we do not know if it has already been done or as in its updates to new versions of Android, they take a century and a half to arrive.

Did you know about these types of attacks on Androis devices? Leave a comment on 3,2,1…


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*