Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones

  /     /     /  
Publicated : 23/11/2024   Category : security


Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones


Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.



A vulnerability in some Android phones from vendors including Google and Samsung could allow criminals to take control of hundreds of millions of users smartphone camera apps, enabling them to take photos, record videos and audio, and deduce locations — all without users knowledge or consent.
In a blog post Tuesday, Checkmarx researchers Erez Yalon and Pedro Umbelino described how they cracked into the applications themselves that control these cameras to identify potential abuse scenarios. They found permission bypass vulnerabilities, designated CVE-2019-2234, initially in two Google Pixel models that could allow a malicious actor to control the camera and gain access to stored photos, videos, and GPS metadata. The unauthorized activities could be triggered, the researchers wrote, even if a phone is locked, its screen is turned off, or a person is in the middle of a call. They went on to discover other phones running the Android operating system, including those from Samsung, had the same issue.
Yalon and Umbelino provided a proof-of-concept app that demonstrated how the vulnerability could be exploited. Under responsible disclosure procedures, Checkmarx first notified Google of the vulnerability in July. Google has released a patch for its devices via the Play Store and has made the update available to all hardware partners. Samsung and other vendors were notified in mid-August and have since released fixes.
Read more 
here

Check out 
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
How Medical Device Vendors Hold Healthcare Security for Ransom
.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones