Issue With Android Cameras Give Access To Your Device To Hackers
By: Jim Stickley and Tina Davis
December 9, 2019
Android users should update their smartphones right away. That’s the warning from Google and the security company Checkmarx after researchers at the latter discovered a serious issue with the camera functionality on Android on the Pixel and Samsung devices. The problem is that someone with not so great intentions could take control of the cameras and use them to spy on the users, including recording video and audio. Yikes!
Some of the actions that can be taken if this is exploited include:
- Taking a photo and uploading to the command server
- Recording video and uploading it
- Monitoring the smartphone’s proximity sensor and record audio from both sides of a conversation when the phone is lifted to the ear
- Capturing GPS tags and use them to locate the phone’s owner
- Accessing the photo and video activity whether or not the device is unlocked
There are a few others as well, but honestly, this list is enough for everyone to take a minute or two and update their devices. Make sure they are all on the latest editions. If that little annoying indicator is there, you need to update. Google did issue a patch for this shortly after the researchers let them in on the news. So, kudos to them for taking it seriously. If you want to dig into this more, check out CVE-2019-2234.
A concern to the researchers and others is that this didn’t require any crazy out of the ordinary permissions to succeed. In fact, the proof of concept (PoC) from the researchers just asked for a “commonplace” permission; basic storage access. This wouldn’t normally set off any alarm bells for users. But this is a reminder to pay attention to what access your apps are requesting. If you are downloading a weather app (which is what the researchers created for their PoC), for example, it likely doesn’t need access to your camera or microphone.
Be sure to read the requests when installing these and remember not to download apps from anywhere other than the official stores for your device. While apps in there are sometimes are found to be malicious, by and large, they are not. However, those that don’t go into the stores are not typically subject to as much security scrutiny. Always read reviews of the apps and if anything doesn’t seem on the up and up, just skip it.