An Android flaw lets apps secretly access people's cameras and upload the videos to an external server (GOOG, GOOGL)

Business Insider Technology 3 weeks ago

A security flaw in Android's operating system made it possible for malicious apps to hijack a user's smartphone camera, record video and audio, and upload those clips to an external server without the person's knowledge.

The flaw was uncovered by the cybersecurity firm Checkmarx in July, and its findings were published Tuesday, Ars Technica first reported.

Google and Samsung have patched the flaw in their devices, but Google said other Android devices could still be vulnerable, according to Checkmarx. It's not clear how many users were affected.

"We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure," a Google spokesperson told Business Insider in an email. "The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."

A Samsung spokesperson told Business Insider the company has also released patches to address the issue since being notified by Google. 

"We recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible," the spokesperson said.

Checkmarx developed a proof-of-concept app to test a worst-case scenario for exploiting the security flaw. Researchers found that their malicious app could easily bypass a security restriction meant to prevent apps from accessing an Android camera without permission.

In addition to secretly recording audio and video, their app was able to track metadata like the GPS location where videos were taken.

"We also found that these same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem ... presenting significant implications to hundreds of millions of smartphone users," Checkmarx research head Erez Yalon wrote in the firm's report.

Here's how to check whether your Android device is vulnerable:

  1. Update your phone's apps. A patch has been rolled out for all Pixel and Samsung devices, so making sure your software is up to date is the best way to ensure you're protected.
  2. On Pixel phones, navigate to Settings > Apps and Notifications > Camera > Advanced > App Details. If the app has been updated since July, you're safe.
  3. If you have an Android device that isn't a Pixel or Samsung, run the command listed here. If doing so forces your phone to record a video, you're exposed to the vulnerability.

You can read the full report on Checkmarx's site.

