Android Flaw Lets Camera Spy On You Even When Your Phone Is Locked

Android Flaw Lets Camera Spy On You Even When Your Phone Is Locked

A security flaw in Android OS makes it possible for rogue apps to hijack a user’s smartphone camera and take pictures, record video, audio, and upload those files to an external server — all without users’ knowledge, even when the phone is locked!


Cybersecurity firm Checkmarx uncovered these flaws back in July, but the findings were published yesterday. While Google and Samsung have patched this Android flaw in their devices, other smartphones that use Android OS are still vulnerable to it.

So it is quite possible that hundreds of millions of smartphone users could have been susceptible to exploit. Checkmarx disclosed the bugs in CVE-2019-2234, which arises from permission bypass issues.


How does the Android flaw work?


Google is strict when it comes to granting permissions to mobile apps for accessing the camera, microphone, or location services. Hence, users must accept permission requests, but in this case, Checkmarx was able to bypass it.


The camera app on Android usually stores images and videos on an SD card, and this is why apps require storage permissions.


However, storage permissions are very broad, and these permissions give access to the entire SD card. In Checkmarx’s attack scenario, if a malicious app is granted access to the SD card, it can not only access previous photos and videos but also force the photo app to take new images and videos.


What makes it worse is that GPS metadata is often embedded into images, so an attacker can basically parse this data to track a us ..

Support the originator by clicking the read the rest link below.