|
|
Google Camera Flaw (Android) - TechAmok
Google Camera Flaw (Android) - [security]
03:53 PM EST - Nov,19 2019 - post a comment The thought of a stranger hijacking your camera and being able to see what you are doing without your knowledge is the stuff of nightmares for most people. Our phones tend to follow us into every area of our lives. Checkmarx decided to see if the cameras that are built into Android phones might be vulnerable to hacking. For their testing, the team took a Pixel 2 XL and Pixel 3 smartphone and began to probe the Google Camera app. The team found that there were a number of "concerning vulnerabilities" in the Google Camera app.
They also found that the same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem. They specifically cited Samsung's camera app as vulnerable. The team found in testing that by manipulating specific actions and intents, an attacker can control the app to take photos and record photos through a rogue process that should have no permission to do so.
Checkmarx also notes that it found specific attack scenarios that could enable malicious actors to circumvent various storage permission policies to give them access to stored videos and photos along with GPS metadata embedded in photos; that data could be parsed to locate the user. One way the researchers found enabled a rogue application to force the camera to take pictures and record videos even if the phone is locked or the screen turned off. The researchers were able to force video and images to be taken even when the user was in the middle of a voice call.
Allowing an app to receive input from the camera, mic, and GPS location is highly invasive, according to Google (or course). The team was able to design an attack scenario that circumvents the permission policy by abusing the Google Camera app itself. The vulnerability has to do with giving permissions to external storage, which provides an app with access to the entire SD card. The team says that when activated during a voice call, the hacker could record the voices on both ends of a conversation.
Checkmarx says that it has already notified Google of its findings, and the company updated vulnerable versions of the Camera App in July 2019. |
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
May,19 2025 Windows 10 emergency update KB5061768 fixes BitLocker boot loops - May,19 2025 2025 AUDI S5 AVANT // 0-100 100-200 TOP SPEED POV & SOUND May,18 2025 Jurassic World Rebirth - Official 'Alert' Teaser Trailer (2025) May,18 2025 F1 25 and F1 The Movie hand in hand May,17 2025 Everyone is Cooling Their PC Wrong May,16 2025 M5 KILLER? Testing the MERCEDES E63S AMG! May,16 2025 Samsung Fully Reveals 5.8mm-Thick Galaxy S25 Edge May,16 2025 Apple Intros New Accessibility Apps, Plus Accessibility "Labels" May,16 2025 Americana - Official Trailer (2025) Sydney Sweeney, Halsey, Simon May,16 2025 Aston Martin x Apple CarPlay Ultra - Next generation of automotive May,15 2025 Google TAG deleted 23,000+ YouTube channels in January, February, May,14 2025 NVIDIA GeForce Game Ready 576.40 WHQL Driver Released May,13 2025 F1 - Official Trailer #2 (2025) Brad Pitt, Damson Idris, Kerry May,11 2025 The Old Guard 2 - Official Trailer (2025) Charlize Theron, KiKi May,11 2025 I think I know why Ryzen 9000 Series CPUs are Dying...(!) May,10 2025 Is Windows Defender good enough in 2025? May,09 2025 AMD Adrenalin 25.5.1 Driver Released for Doom: The Dark Ages May,09 2025 Ripple SEC Grip OVER, XRP Freedom of USE, Market MODE BULL RUN May,08 2025 "Is x86 Actually Screwed?" ft. Wendell of Level1 Techs - May,07 2025 Android's New Design Guidelines Leaked May,06 2025 Grand Theft Auto VI trailer #2 May,05 2025 Microsoft's Dirty Secret: Your Old PC is Now Trash! May,04 2025 No Noise Cancelling? GOOD. Unboxing the nwm One Headphones & First May,04 2025 NEW! 2025 Audi S5 (367hp) | 0-258 km/h acceleration May,02 2025 Bugatti Bolide vs Nurburgring. 1825 HorsePower Insanity May,01 2025 This will be the largest tech Yard Sale EVER! Insanely low prices on May,01 2025 Skoda Kodiaq RS 245 // 0-100 100-200 TOP SPEED POV & SOUND May,01 2025 Disable or Uninstall Windows Recall to Protect Your Data Privacy May,01 2025 A new Alternative to Nextcloud? OpenCloud presented and local Apr,29 2025 NVIDIA GeForce Hotfix Driver 576.26 Available Apr,28 2025 2025 Porsche 911 992.2 GTS T HYBRID | SOUND 0-100 100-200 200-300 & Apr,28 2025 We Made Perfect Thermal Paste in a Factory, ft. Der8auer | Made In Apr,28 2025 Cyber Security Company CEO Arrested for Installing Malware on Apr,27 2025 This Kid Made his Own Laptop and it's AMAZING! Apr,26 2025 How is this SO CHEAP? - Ubiquiti Cloud Gateway Fiber Apr,26 2025 Ripple president on stablecoins, Trump and tokenization Apr,26 2025 T-Mobile Launches 5G Advanced Apr,25 2025 540HP BMW E46 M3 5.0 V10 // 300KMH REVIEW on AUTOBAHN Apr,25 2025 Has Nvidia Given Up? Apr,23 2025 AMD Software Adrenalin 25.4.1 Beta Drivers Released
>> News Archive <<
| |
|
