|
|
Google Camera Flaw (Android) - TechAmok
Google Camera Flaw (Android) - [security]
03:53 PM EST - Nov,19 2019 - post a comment The thought of a stranger hijacking your camera and being able to see what you are doing without your knowledge is the stuff of nightmares for most people. Our phones tend to follow us into every area of our lives. Checkmarx decided to see if the cameras that are built into Android phones might be vulnerable to hacking. For their testing, the team took a Pixel 2 XL and Pixel 3 smartphone and began to probe the Google Camera app. The team found that there were a number of "concerning vulnerabilities" in the Google Camera app.
They also found that the same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem. They specifically cited Samsung's camera app as vulnerable. The team found in testing that by manipulating specific actions and intents, an attacker can control the app to take photos and record photos through a rogue process that should have no permission to do so.
Checkmarx also notes that it found specific attack scenarios that could enable malicious actors to circumvent various storage permission policies to give them access to stored videos and photos along with GPS metadata embedded in photos; that data could be parsed to locate the user. One way the researchers found enabled a rogue application to force the camera to take pictures and record videos even if the phone is locked or the screen turned off. The researchers were able to force video and images to be taken even when the user was in the middle of a voice call.
Allowing an app to receive input from the camera, mic, and GPS location is highly invasive, according to Google (or course). The team was able to design an attack scenario that circumvents the permission policy by abusing the Google Camera app itself. The vulnerability has to do with giving permissions to external storage, which provides an app with access to the entire SD card. The team says that when activated during a voice call, the hacker could record the voices on both ends of a conversation.
Checkmarx says that it has already notified Google of its findings, and the company updated vulnerable versions of the Camera App in July 2019. |
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Jul,20 2025 LAMBORGHINI URUS *STAGE 1* // REVIEW on AUTOBAHN Jul,20 2025 THE BEST VW GOLF GTI I've Driven! Proper ClubSport Jul,19 2025 Intel Core Ultra 9 275HX vs AMD Ryzen 9 9955HX - Which CPU is Best? Jul,18 2025 LAMBORGHINI REVUELTO V12 // 370KMH REVIEW on UNLIMITED AUTOBAHN! Jul,18 2025 Mortal Kombat II - Official Trailer Jul,17 2025 Stranger Things 5 - Official Teaser Jul,14 2025 Google Is Selling Fake Products - WAN Show July 11, 2025 Jul,12 2025 Hacked by playing Call of Duty WW2 on Gamepass? Jul,12 2025 2025 VW Golf GTE // TOP SPEED REVIEW on AUTOBAHN Jul,11 2025 NEW Audi RS3 v cheapest used RS3: DRAG RACE Jul,10 2025 A critical security vulnerability in Microsoft Remote Desktop Client Jul,10 2025 Samsung Z Fold/Flip 7 Impressions: Major Upgrades! Jul,08 2025 Gmail's latest feature helps you get rid of those pesky emails from Jul,06 2025 I'm an idiot and still made top 5... here's how Jul,05 2025 The Fantastic Four: First Steps - Official 'Lift Off' Teaser Jul,04 2025 Samsung Galaxy Z Fold 7 - Hands on Look Jul,04 2025 RTX 5070 Ti vs RTX 5080 - Is 5080 Gaming Laptop Worth More $$$? Jul,04 2025 FIRST DRIVE: Praga Bohema - Crazy Hypercar Driven! Jul,03 2025 Ballerina - Exclusive John Wick Deleted Scene (2025) Keanu Reeves, Jul,03 2025 Call of Duty: WWII - Remote Code Execution Warning (PC Game Pass) Jul,02 2025 1014HP Lamborghini REVUELTO 369KMH TOP SPEED POV on AUTOBAHN Jul,01 2025 Nvidia Drivers (V 576.80 vs V 576.88) - Test In 12 Games - RTX 4060 Jun,30 2025 AMD Adrenalin 25.6.3 Driver Is Available Jun,30 2025 NVIDIA GeForce RTX 5080 SUPER Could Feature 24 GB Memory, Increased Jun,29 2025 Guess What Nvidia Did THIS Time Jun,28 2025 The 10 Best Dinosaur Movies of All Time Jun,28 2025 Microsoft officially confirms that Windows 11 version 25H2 is coming Jun,26 2025 Eddington - Official Trailer 2 (2025) Joaquin Phoenix, Pedro Pascal Jun,25 2025 Microsoft Say System Restore Points Now Expire After 60 Days Jun,25 2025 Facebook, Netflix, and Microsoft Websites Hijacked to Insert Fake Jun,24 2025 I put a $3000 GPU in my Average PC... It Was a Mistake Jun,24 2025 Best External SSD for Mac 2025: After Weeks of Testing, Here's What Jun,23 2025 Mostly boob jokes this week (RTX 5090 DD) - Tech News June 22 Jun,21 2025 Superman - Official 30 Second Spot (2025) Jun,21 2025 'The fastest road car I've ever been in!' - Ferrari F80 track day Jun,20 2025 CPU SCAM: AMD Ryzen 9800X3D Counterfeits & Fraud Jun,19 2025 28 Years Later Review Jun,18 2025 HW News - NVIDIA "N1x" CPU Leak, ASUS Xbox ROG Ally, More Intel Jun,17 2025 NVIDIA GeForce 576.80 WHQL Driver Jun,16 2025 The Fantastic Four: First Steps - Official 'H.E.R.B.I.E.' Teaser
>> News Archive <<
| |
|
