New Delhi -°C
Today in New Delhi, India

Jan 24, 2020-Friday
-°C

Humidity
-

Wind
-

Select city

Metro cities - Delhi, Mumbai, Chennai, Kolkata

Other cities - Noida, Gurgaon, Bengaluru, Hyderabad, Bhopal , Chandigarh , Dehradun, Indore, Jaipur, Lucknow, Patna, Ranchi

Home / Tech / This Android camera app bug allowed hackers to secretly take photos, videos of users

This Android camera app bug allowed hackers to secretly take photos, videos of users

This Android vulnerability allowed hackers to take photos and videos and even access stored data on Pixel and Samsung phones.

tech Updated: Nov 20, 2019 14:29 IST
HT Correspondent
HT Correspondent
Hindustan Times
Google camera app for Pixel phones were affected by this bug.
Google camera app for Pixel phones were affected by this bug.(Bloomberg)
         

A security vulnerability in the Android system allowed hackers to exploit the phone’s camera app even without the user’s permission. This Android vulnerability was found on the Google Camera app and Samsung’s camera app.

The Android vulnerability was classified as CVE-2019-2234 and it was discovered by Checkmarx Security Research Team. The security researchers discovered that the Pixel 2 XL and Pixel 3 camera app had permission bypass issues. The same vulnerability was found on the Samsung camera app as well affecting hundreds of millions of smartphones.

This Android vulnerability allowed hackers to take control of the smartphone’s camera and use it to capture photos and record videos as well. Hackers could manage this through a rogue Android app. Checkmarx also discovered that hackers had the potential to access videos and photos saved on the phone. More intricate details like the GPS metadata and EXIF data of the photos could be attained by hackers.

Since photos and videos are usually stored on SD card hackers could easily access them. Checkmarx also explained how storage permissions for SD card data can be easily exploited. This exploitation could take place even during voice calls where the hacker could record the entire conversation of the caller and receiver both.

“In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was is in the middle of a voice call,” Checkmarx explained.

 

After having informed Google about the vulnerability, the company patched this bug through an update for the Google Camera app in July. The same was provided for other Android manufacturers as well.