GOOGLE HACKING CAMERA (WITHOUT PERMISSION)
News Bugs Lets Android Apps Access Camera without Permission
An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos — even when they don't have specific device permissions to do so.
The malicious app designed by the researchers was able to perform a long list of malicious tasks, including:
Google confirmed and addressed the vulnerability in its Pixel line of devices with a camera update that became available in July, and contacted other Android-based smartphone OEMs in late August to inform them about the issue, which the company rated as "High" in severity.
However, Google did not disclose the names of the affected manufacturers and models.
"Since being notified of this issue by Google, we have subsequently released patches to address all Samsung device models that may be affected. We value our partnership with the Android team that allowed us to identify and address this matter directly," Samsung said.
To protect yourself from attacks surrounding this vulnerability, ensure you are running the latest version of the camera app on your Android smartphone.
An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos — even when they don't have specific device permissions to do so.
The malicious app designed by the researchers was able to perform a long list of malicious tasks, including:
- Making the camera app on the victim's phone to take photos and record videos and then upload (retrieve) it to the C&C server.
- Pulling GPS metadata embedded into photos and videos stored on the phone to locate the user.
- Waiting for a voice call and automatically recording audio from both sides of the conversation and video from the victim's side.
- Operating in stealth mode while taking photos and recording videos, so no camera shutter sounds for alerting the user.
Google confirmed and addressed the vulnerability in its Pixel line of devices with a camera update that became available in July, and contacted other Android-based smartphone OEMs in late August to inform them about the issue, which the company rated as "High" in severity.
However, Google did not disclose the names of the affected manufacturers and models.
"Since being notified of this issue by Google, we have subsequently released patches to address all Samsung device models that may be affected. We value our partnership with the Android team that allowed us to identify and address this matter directly," Samsung said.
To protect yourself from attacks surrounding this vulnerability, ensure you are running the latest version of the camera app on your Android smartphone.
Comments
Post a Comment