|
|
Google Camera Flaw (Android) - TechAmok
Google Camera Flaw (Android) - [security]
03:53 PM EST - Nov,19 2019 - post a comment The thought of a stranger hijacking your camera and being able to see what you are doing without your knowledge is the stuff of nightmares for most people. Our phones tend to follow us into every area of our lives. Checkmarx decided to see if the cameras that are built into Android phones might be vulnerable to hacking. For their testing, the team took a Pixel 2 XL and Pixel 3 smartphone and began to probe the Google Camera app. The team found that there were a number of "concerning vulnerabilities" in the Google Camera app.
They also found that the same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem. They specifically cited Samsung's camera app as vulnerable. The team found in testing that by manipulating specific actions and intents, an attacker can control the app to take photos and record photos through a rogue process that should have no permission to do so.
Checkmarx also notes that it found specific attack scenarios that could enable malicious actors to circumvent various storage permission policies to give them access to stored videos and photos along with GPS metadata embedded in photos; that data could be parsed to locate the user. One way the researchers found enabled a rogue application to force the camera to take pictures and record videos even if the phone is locked or the screen turned off. The researchers were able to force video and images to be taken even when the user was in the middle of a voice call.
Allowing an app to receive input from the camera, mic, and GPS location is highly invasive, according to Google (or course). The team was able to design an attack scenario that circumvents the permission policy by abusing the Google Camera app itself. The vulnerability has to do with giving permissions to external storage, which provides an app with access to the entire SD card. The team says that when activated during a voice call, the hacker could record the voices on both ends of a conversation.
Checkmarx says that it has already notified Google of its findings, and the company updated vulnerable versions of the Camera App in July 2019. |
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Feb,27 2026 Have RAM and GPU Prices Peaked? Feb,27 2026 Zoom 'Update' Trap: Fake Site Infects 1,437 Users with Spyware in Feb,27 2026 Stop WASTING Money on Fancy RAM Feb,27 2026 Drunk AI robot Feb,26 2026 AirSnitch Exposes Critical Flaw: Wi-Fi Client Isolation Broken in Feb,26 2026 Revolutionary Ultrasonic Knife Hits Kitchens: C-200 Vibrates for Feb,26 2026 Apple Scores Historic NATO Security Clearance: iPhone and iPad First Feb,26 2026 Kali Linux Goes AI-Powered: Claude Now Runs Your Pen Tests in Plain Feb,26 2026 Resident Evil Requiem - Stunning on PS5 Pro + PS5/Xbox Series X|S Feb,26 2026 Samsung Galaxy S26 Ultra Flexes Hardware Muscle Over iPhone 17 Pro Feb,26 2026 The Galaxy S26 Ultra has a 'wow' feature with video Lock Feb,26 2026 I built the most BORING PC possible... and here is why it's Feb,26 2026 Micron Blasts GDDR7 as Gaming Bottleneck While Nvidia's RTX 50 Feb,26 2026 UK Tightens Grip on Streaming Giants: Age Verification Now Mandatory Feb,25 2026 Samsung Previews New AI Features Ahead of Flagship Phone Launch Feb,25 2026 China's DeepSeek Bars Nvidia and AMD from New AI Model, Boosts Feb,25 2026 Avast Impersonation Scam: Fake Site Tricks Users into Handing Over Feb,25 2026 Microsoft Pulls the Plug: Windows Server 2016 and 2016-Era Windows Feb,25 2026 I Scrapped 13 MACHINES to Prove a Point: STOP BUYING These Brands! Feb,25 2026 How Stealthy was the 7zip Malware and how to spot it? Feb,25 2026 Microsoft Drops Fresh Non-Security Boost for Windows 11 24H2 and Feb,24 2026 Game-Changer: ASML's 1kW EUV Upgrade Promises 50% Chip Production Feb,24 2026 This Outstanding Cooling Technology Might Have No Future Feb,24 2026 AMD Strix Halo 395 vs Intel Panther Lake - Real Benchmarks Feb,24 2026 Anthropic published a blog post saying Claude can modernize COBOL Feb,24 2026 WhatsApp Goes Beyond 2FA: Extra Password Layer Makes Accounts Nearly Feb,24 2026 Google Chrome Gets February 23 Security Boost with 3 High Fixes Feb,23 2026 Stargate Stalls: OpenAI's $500B Dream Hits Roadblocks as $14B 2026 Feb,23 2026 Google Crushes Cyber Threats: Blocks 1.75 Million Bad Apps and Bans Feb,22 2026 Bitcoin Miner Bitdeer Sells Everything: Treasury Hits Zero in AI Feb,22 2026 HW News - More Valve RAM Shortages, Tariffs Ruling, AI Causes PS6 Feb,22 2026 Microsoft's Deep Integration of Copilot in Windows 11 Raises Feb,22 2026 Elon Musk Confirms X Money Now Live in Internal Beta for Employees, Feb,22 2026 Scream (1996) Flashback Review Feb,22 2026 PayPal Confirms Major Breach: SSNs, Emails, and More Exposed from Feb,22 2026 Does Freezing Help Delidding? 9850X3D Delid & Overclocking Test Feb,22 2026 Microsoft is phasing out the custom primary password feature in its Feb,21 2026 Everyone is Buying the Wrong Dash Cam! (2026) Feb,20 2026 Big Brother on Discord: Leaked Code Shows Age Verification Runs You Feb,19 2026 OpenClaw’s Top Skill is a Malware that Stole SSH Keys and Opened
>> News Archive <<
| |
|
