|
|
Google Camera Flaw (Android) - TechAmok
Google Camera Flaw (Android) - [security]
03:53 PM EST - Nov,19 2019 - post a comment The thought of a stranger hijacking your camera and being able to see what you are doing without your knowledge is the stuff of nightmares for most people. Our phones tend to follow us into every area of our lives. Checkmarx decided to see if the cameras that are built into Android phones might be vulnerable to hacking. For their testing, the team took a Pixel 2 XL and Pixel 3 smartphone and began to probe the Google Camera app. The team found that there were a number of "concerning vulnerabilities" in the Google Camera app.
They also found that the same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem. They specifically cited Samsung's camera app as vulnerable. The team found in testing that by manipulating specific actions and intents, an attacker can control the app to take photos and record photos through a rogue process that should have no permission to do so.
Checkmarx also notes that it found specific attack scenarios that could enable malicious actors to circumvent various storage permission policies to give them access to stored videos and photos along with GPS metadata embedded in photos; that data could be parsed to locate the user. One way the researchers found enabled a rogue application to force the camera to take pictures and record videos even if the phone is locked or the screen turned off. The researchers were able to force video and images to be taken even when the user was in the middle of a voice call.
Allowing an app to receive input from the camera, mic, and GPS location is highly invasive, according to Google (or course). The team was able to design an attack scenario that circumvents the permission policy by abusing the Google Camera app itself. The vulnerability has to do with giving permissions to external storage, which provides an app with access to the entire SD card. The team says that when activated during a voice call, the hacker could record the voices on both ends of a conversation.
Checkmarx says that it has already notified Google of its findings, and the company updated vulnerable versions of the Camera App in July 2019. |
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Nov,01 2025 Battlefield REDSEC - Official Live-Action Trailer Nov,01 2025 What's the Best PC Upgrade (besides CPU/GPU)? Oct,31 2025 Directive 8020 - RTX On Trailer Oct,30 2025 Stranger Things 5 - Official Trailer Oct,29 2025 AMD Releases Software Adrenalin Edition 25.10.2 WHQL Drivers Oct,29 2025 Exploding AMD CPUs | Investigating ASRock's Murderboards Oct,29 2025 Setting Up Our First Huge Gaming Event was CHAOS Oct,27 2025 Malware of the Future: What an infected system looks like in 2025 Oct,27 2025 F1: Race Highlights | 2025 Mexico City Grand Prix Oct,26 2025 F1: Qualifying Highlights | 2025 Mexico City Grand Prix Oct,25 2025 New Big Windows 11 25H2 October Update - New Taskbar Battery Icons Oct,25 2025 Apple Prepping 'Transfer to Android' Feature, Including 3rd-Party Oct,24 2025 HW News - RIP Internet, RAM Prices Skyrocket from AI Demand, Intel Oct,21 2025 Retro Gaming PC Upgrades go WRONG! Oct,21 2025 How social media has ruined us - the more time you spend online, the Oct,20 2025 FERRARI 12 CILINDRI // 340KMH REVIEW on AUTOBAHN Oct,20 2025 ROG Xbox Ally X - a PC Gamer's Perspective Oct,20 2025 Race Highlights | 2025 United States Grand Prix Oct,18 2025 RedMagic Puts Liquid Cooling in its New Gaming Phone Oct,18 2025 Russia Says U.S. Is Planning a $37 Trillion Crypto Reset Oct,18 2025 Tor Browser says no to Firefox's AI features as it removes them Oct,14 2025 NVIDIA GeForce 581.57 WHQL Driver Oct,13 2025 Samsung One UI 8.5 vs iOS 26 - COMPARISON Oct,12 2025 Google Turned Down by Supreme Court, Must Open up App Payments Oct,10 2025 AMD releases new 25.10.1 preview graphics driver with Battlefield 6 Oct,10 2025 MERCY Official Trailer (2026) Chris Pratt Oct,07 2025 Galaxy S26 Ultra - Samsung, Please Don't Copy This Oct,06 2025 Canada's Las Vegas Sphere is here - and I game on it Oct,06 2025 Predator: Badlands - Official Final Trailer (2025) Oct,04 2025 Chasing a Gaming World Record Oct,02 2025 Frankenstein - Official Trailer (2025) Guillermo del Toro, Oscar Oct,02 2025 iPhone 17 Pro Max vs 16 Pro Max / Pixel 10 Pro XL / Galaxy S25 Ultra Sep,30 2025 iOS 26.0.1 is Out! - What's New? Sep,30 2025 NEW! 2026 Audi Q3 2.0 TFSI (265hp) vs. e-hybrid (272hp)| 0-100 km/h Sep,29 2025 Samsung One UI 8.5 Hands on - I Was Wrong Sep,28 2025 iPhone Air Teardown - What is 3D Printed Titanium? Sep,28 2025 Nvidia Wouldn't Send Me This $30,000 GPU - H200 Holy $H!T Sep,27 2025 The Astronaut - Official Trailer (2025) Kate Mara, Laurence Sep,25 2025 iPhone 17 Durability Test -- What Scratches are Permanent? Sep,23 2025 iPhone 17 Pro Max vs. Galaxy S25 Ultra Drop Test!
>> News Archive <<
| |
|
