Android Camera bug revealed: Enables apps to capture videos, photos and steal data without consent

A new flaw has been discovered in the Camera app of millions of Android devices. According to the security researchers, the bug allows other apps to record videos, take pictures, and even extract GPS data from the phone without taking permission.

Android apps have the ability to take pictures and execute them to other apps on the device. However, in order to execute them, the other app has to take the required permission.

Researchers at Checkmarx disclosed this new vulnerability in Android Camera app that allows other apps to access media files without consent. The bug called the CVE-2019-2234 is said to affect the Google and Camera apps that have not been updated since July 2019.

How does the bug work?

Checkmarx assessed the Google Pixel’s Camera app and concluded that numerous intents could have been combined to manipulate the camera’s permission setting.

Generally, an app requires a set of permissions to access the media files on a different device.

However, Checkmarx discovered that the app with the ‘Storage’ permission also had the capability to access the Camera and take new photos and videos besides getting hold of the past media files.

This appears as a problematic situation because many apps ask for Storage permission on a regular basis. In fact, Checkmarx says that the Storage permission is the most commonly requested permission and is taken by many apps such as racing games, streaming services, and even weather apps.

In their report, Checkmarx concluded that the latest camera bug in Android could:

· Take pictures and videos even if the phone is locked

· Take GPS location data from stored photos

· Listen in on the conversations even when recording video and taking pictures

· Toggle with the camera shutter so the targeted person cannot hear the pictures being taken

· Transfer the previously saved photos and videos on the SD card

Camera apps fixed in July 2019

Checkmarx revealed the vulnerability to Google on July 4 and by the 23rd of the same month, Google had put the bug on ‘high’ classification.

On August 1, Google confirmed the findings of the research company and agreed that the vulnerability does affect the camera of both – Google and Samsung phones.

According to Google, the vulnerability was fixed in July 2019 and an updated patch was issued to all the vendors. Google also advises its user base to upgrade their Android devices to the latest version to ensure enhanced protection.

Read next: DeepMind powering the Google Play Store’s app recommendation system is the News of the Week

Featured Photo: Gettyimages
Previous Post Next Post