Security analyst firm Checkmarx has detailed the discovery of an Android security issue that enables hackers to access a smartphone’s camera app, existing videos and images, audio from the microphone and location information pulled from EXIF data. Though the issue has been fixed on Google and Samsung phones, it remains in many camera apps from other vendors
The security researchers first analyzed the Google Camera app included on the Pixel smartphones. Upon discovering the security vulnerability, which involves ‘manipulating specific actions and intents,’ they found the same issue could be exploited in the Samsung Camera app included in its various smartphone models.
The vulnerability is extensive, according to the researchers. Hackers can access the camera app, use it to capture videos and photos even if the display is turned off or a call is in progress and access content saved to the phone. In addition to accessing the images, hackers could pull the location information from image metadata and use that to locate the handset’s owner.
The exploit introduces a number of privacy issues for users; attackers could use the video recording functionality to record a phone call, for example, and could retrieve sensitive images from the user’s phone for blackmail purposes.
According to Checkmarx, Google confirmed that the issue isn’t limited to the Pixel phones and that it is working with its Android partners ‘to coordinate disclosure.’ Both Google and Samsung released fixes for the security issue in their respective camera apps before Checkmarx published its report. It’s unclear how many phones from other vendors may still be vulnerable to the exploit, however.
Articles: Digital Photography Review (dpreview.com)