Hackers can record video or take photos using camera on Android phones

An attacker can gain complete control over the camera app


A recent report published by Israeli security research firm Checkmarx reveals that the camera apps from Google and Samsung contain vulnerabilities which, when exploited, could allow an attacker to gain complete control over the app even if the app’s permissions (for storage, location, etc.) are locked.

In a detailed report and video, the researchers at Checkmarx demonstrate that their mock-up app—a seemingly harmless weather app—was able to hijack the default camera app on a Google Pixel 2 XL running Android 9 Pie.

After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so. Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data. This same technique also applied to Samsung’s Camera app.

In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was in the middle of a voice call.

The video shows that Checkmarx’s app was able to record videos, take photos, bypass the camera app’s permissions, access stored media, and retrieve the user’s location through the media file’s GPS metadata.

The report mentions that this sort of a hijack is possible with Samsung’s camera app as well.

The report goes on to mention that Google responded by acknowledging the problem and informing Checkmarx that a fix had already been sent out in July, earlier in the year.

“The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”

In the video, the researchers also show a real-life scenario in which this sort of an attack could be dangerous to the user and their data. In the video, an attacker is seen making a call to the victim. When the victim places the phone against their ear, the attacker runs the mock-up hijack app to record video through the phone’s rear camera.

The recorded video captures the sensitive data that’s viewed on the user’s external display, thus letting the attacker steal data using the hijack app.

Via Checkmarx