Android camera app can be hacked to spy on you, show researchers

By Vignesh Giridharan | Published on Nov 21 2019

HIGHLIGHTS

A recent report shows how the camera app on Android can be hacked

An attacker could trigger the camera to record video or take photos

They could also access stored photos, GPS metadata, etc.

An attacker hacking into your Android phone’s camera app to view your surroundings and record you is a scary thought, but it is more likely than you might expect. A recent report published by Israeli security research firm Checkmarx reveals that the camera apps from Google and Samsung contain vulnerabilities which, when exploited, could allow an attacker to gain complete control over the app even if the app’s permissions (for storage, location, etc.) are locked.

In a detailed report and video published a few days ago, the researchers at Checkmarx demonstrate that their mock-up app—a seemingly harmless weather app—was able to hijack the default camera app on a Google Pixel 2 XL running Android 9 Pie. The video shows that Checkmarx’s app was able to record videos, take photos, bypass the camera app’s permissions, access stored media, and retrieve the user’s location through the media file’s GPS metadata.

The report mentions that this sort of hijack is possible with Samsung’s camera app as well. It goes on to say that Google responded by acknowledging the problem and letting Checkmarx know that a fix had already been sent out in July, earlier in the year. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”

In the video, the researchers also show a real-life scenario in which this sort of attack could be dangerous to the user and their data. An attacker is seen making a call to the victim. When the victim places the phone against their ear, the attacker runs the mock-up hijack app to record video through the phone’s rear camera. The recorded video captures the sensitive data that’s viewed on the user’s external display, thus letting the attacker steal data using the hijack app.
