Experts have warned about several new vulnerabilities affecting Google and Samsung smartphones that may permit an attacker to take control of a device’s camera app to remotely take photos, record video and even spy on users’ conversations and location.
The flaws were discovered by the Checkmarx security research team, which first began researching the Google Camera app on a Pixel 2 XL and Pixel 3 when it discovered multiple vulnerabilities stemming from permission bypass problems.
Checkmarx dug further and found that these same vulnerabilities also affect Samsung’s camera app and other Android smartphone vendors as well.
Camera App Vulnerability Found
“After an in-depth analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a villain application that has no permissions to do so.”
To demonstrate the vulnerabilities its team found in the Google Camera app, Checkmarx developed a malicious application as a proof-of-concept exploit. The weather app it created didn’t need any special permissions besides basic storage access, which is a commonplace permission requested by several different apps on the Google Play Store.
In addition to its weather app, Checkmarx also set up a command-and-control server that the app connects to in order to carry out an attacker’s bidding. Once the app is installed and has been opened on a user’s device, it creates a persistent connection to the command-and-control server and waits for instructions.
Even if a user were to close the app, it might still be connected to the server, and an attacker could command it to take a photo, record video, record audio from voice calls, capture GPS tags from photos and access the information stored on the device. All of the photos and videos taken by the app would then be uploaded to the server.
The proof-of-concept exploit created by Checkmarx would even enable an attacker to record video and take photos while the smartphone was locked.
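For app developers reviewing their own code for the class of issue described above (a component that acts on intents from callers holding no relevant permission), the following added example, which is not from Checkmarx or the original article, audits an Android manifest for exported components that declare no `android:permission`. The package, component and action names in the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest (hypothetical package, component and action names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <activity android:name=".CaptureActivity">
      <intent-filter><action android:name="com.example.camera.action.CAPTURE"/></intent-filter>
    </activity>
    <activity android:name=".SecureCaptureActivity" android:exported="true"
              android:permission="android.permission.CAMERA"/>
    <service android:name=".UploadService" android:exported="false">
      <intent-filter><action android:name="com.example.camera.action.UPLOAD"/></intent-filter>
    </service>
    <receiver android:name=".ShutterReceiver" android:exported="true"/>
  </application>
</manifest>"""

def is_exported(component):
    """Explicit android:exported wins; otherwise an intent-filter implies exported
    (the platform default for apps targeting below Android 12)."""
    flag = component.get(A + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return component.find("intent-filter") is not None

def unguarded_exported_components(manifest_xml):
    """Return (tag, name, actions) for exported components with no permission gate."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.iter("application"):
        app_permission = app.get(A + "permission")  # default gate for all components
        for tag in COMPONENT_TAGS:
            for comp in app.findall(tag):
                if not is_exported(comp):
                    continue
                if comp.get(A + "permission") or app_permission:
                    continue
                actions = [a.get(A + "name") for a in comp.iter("action")]
                findings.append((tag, comp.get(A + "name"), actions))
    return findings

if __name__ == "__main__":
    for tag, name, actions in unguarded_exported_components(SAMPLE_MANIFEST):
        print(f"[!] exported {tag} {name} has no android:permission; actions={actions}")
```

A flagged component is not necessarily vulnerable; it is a candidate for review, where the question is whether it performs a privileged action (such as capturing media) for a caller that was never granted the matching permission.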