An Android flaw lets apps secretly access people's cameras and upload the videos to an external server

Nov 19, 2019, 21:32 IST

Antonio Villas-Boas/Business Insider

A security flaw in Android's operating system made it possible for malicious apps to hijack a user's smartphone camera, record video and audio, and upload those clips to an external server without the person's knowledge.

The flaw was uncovered by the cybersecurity firm Checkmarx in July, and its findings were published Tuesday, Ars Technica first reported.

Google and Samsung have patched the flaw in their devices, but Google said other Android devices could still be vulnerable, according to Checkmarx. It's not clear how many users were affected.

"We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure," a Google spokesperson told Business Insider in an email. "The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."

A Samsung spokesperson told Business Insider the company has also released patches to address the issue since being notified by Google.

"We recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible," the spokesperson said.

Checkmarx developed a proof-of-concept app to test a worst-case scenario for exploiting the security flaw. Researchers found that their malicious app could easily bypass a security restriction meant to prevent apps from accessing an Android camera without permission.

In addition to secretly recording audio and video, their app was able to track metadata like the GPS location where videos were taken.

"We also found that these same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem ... presenting significant implications to hundreds of millions of smartphone users," Checkmarx research head Erez Yalon wrote in the firm's report.

Here's how to check whether your Android device is vulnerable:

  1. Update your phone's apps. A patch has been rolled out for all Pixel and Samsung devices, so making sure your software is up to date is the best way to ensure you're protected.
  2. On Pixel phones, navigate to Settings > Apps and Notifications > Camera > Advanced > App Details. If the app has been updated since July, you're safe.
  3. If you have an Android device that isn't a Pixel or Samsung, run the command listed here. If doing so forces your phone to record a video, you're exposed to the vulnerability.

You can read the full report on Checkmarx's site.
