Android smartphone users understand the risk of being a part of an open ecosystem, but Google has put it some strong blockades to keep malicious actors at bay. But those efforts are not always fool-proof, which result in some malware or spyware slip past Google's security fences into the Android ecosystem.
We keep hearing about various hacks and cyber-attacks happening on Android and other platforms and the trend doesn't end. As sophisticated the protection tools get, hackers improve their ways to attack. Google's Android ecosystem is the world's largest and hosts billions of users on the platform, which means the slightest vulnerability creates huge potential for damage and threat.
In such an instance, a serious vulnerability in Google's own Camera app put millions of users at risk. The Android camera bug affecting Google and Samsung smartphones breached the privacy of users in the most invasive manner, revealed CheckMarx Security Research Team.
The researchers discovered the Android camera bug that could be used to spy on users. Hackers could control the camera through a rogue app on the phone and click photos or even record videos without users suspecting. The researchers were able to leverage the flaw by creating a fake weather app to see the extent of potential damage.
Besides taking photos and videos without users' knowledge, the researchers were able to upload the content on the C&C server, which is normally the action of spyware. Additionally, the researchers were also able to access GPS tags for all photos in the phone to narrow down the user location, operate the camera in complete stealth, record voice calls, and video from victim's side and audio from both sides. The bug also allowed researchers to control the camera when the phone was locked or when the user was on a call.
APP accessed private photos and videos
Finally, the rogue app was able to exploit storage permissions to access private photos and videos in the phone's internal storage. The researchers demonstrated the worst-case scenario and found the bug to be affecting Google's Pixel 2 XL and Pixel 3 phones. Additionally, Samsung also acknowledged that its phones were affected by the camera bug.
But there's no reason to be alarmed. While the seriousness of the bug should really concern you, don't panic or even be in fear. The researchers informed Google about the bug in July and a patch was dispatched in the form of an update to the Google Camera app shortly after.
"We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners," Google said.
All that users need to do right now is head over to the Play Store and check if the Camera is up to date. If there's an update available, make sure you get it installed at the earliest.