By John Gruber
Checkmarx:
After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so. Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data. This same technique also applied to Samsung’s Camera app.
In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was in the middle of a voice call.
Fixed in software updates from Google and Samsung before Checkmarx published this report, but it’s impossible to say if it had been exploited previously. An exploit like this would have been of keen interest to government spook agencies looking for ways to target individuals.
Also, as Dan Goodin reports for Ars Technica, Google has no idea how many Android phones out there remain completely vulnerable to this exploit.
★ Tuesday, 19 November 2019