Checkmarx, a renowned security firm has discovered a major security threat in Android’s Camera app. The security flaw was found in Android Smartphones from companies like Samsung and Google that allows apps to record video, take photos, and capture audios from the app. After collecting the data, the same server uploads your content on various apps.
Android prevents third-party apps and from accessing the camera and the microphone on a smartphone. To access the data from the smartphone, users will be asked to give permission to those apps and only then the apps will be able to access the camera or audio files.
But the Security Firm has found that an app could use user’s audio files and other tools including a microphone to capture video and record audio files without the consent from the users. Most of the apps first ask users for their permission before accessing the camera roll and other files from the phone.
The Security Firm first tested out Google’s Camera App on the Pixel 2XL and Pixel 3 smartphones. The company has found many vulnerabilities in the Google Camera app. These vulnerabilities allow the attacker to bypass user permissions. The same technique was used by the company in Samsung’s camera app and found the same issue.
Furthermore, the security firm has also claimed that the same apps have affected hundreds of millions of users globally. Due to this vulnerability, the third-party app allows the attackers to have the full access of the camera roll, audio files and other data of the users. GPS data can also be accessed by the attackers due to this vulnerability.
The company’s researchers team has created a malicious app to bypass the same data from the Camera app just to demonstrate how this app is collecting the users’ data without their consents.
The Malicious app could access all the data from the user’s smartphone including the camera app, audio files, microphone, geolocation etc. With the same method, attackers could take photos and record videos as well.
When you close down the app, the server connection will remain connected and the data can be accessed and fetched by the attackers from the same app. This is a serious matter and the companies must have to acknowledge this issue as soon as possible.
For the latest tech news and updates, Install TechCodex App and follow us on Facebook and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.