Camera flaw allowed Google and Samsung phones to spy on you
What you need to know
- A vulnerability found by security researchers at Checkmarx allowed an app with only storage permissions to access the camera on your Android phone and take photos and videos.
- The flaw was found to be present in the Google Camera and Samsung Camera apps, as well as camera apps from other Android OEMs.
- Samsung and Google have since patched the flaw and Google has informed all its OEM partners and issued them patches for the vulnerability.
Recently, a security flaw was made public that allowed the camera on your Android phone to spy on you. The vulnerability was found by security researchers at Checkmarx, and it allowed an app with only storage permissions to take control of the camera app on your phone and take photos and videos.
The team at Checkmarx found this vulnerability to be present in both the Google Camera and Samsung Camera apps, as well as camera apps from other smartphone makers. In a video demo, Checkmarx used a Pixel 2 XL running Android 9 to show how this flaw worked and several scenarios of how it could be used to spy on you.
It starts by installing an app that only asks for storage permissions on your phone, a permission that is quite common among apps. In this case, Checkmarx used a weather app that then gave an attacker access to your phone with the ability to open the camera app and take photos or videos. Not only could the attacker remotely trigger your camera and view the photos or videos, but they could also view the GPS data to get your location, as well as check the status of the proximity sensor to make sure you were not looking at the phone and would not see that the camera app was active.
Given that the attacker could take video footage, that means they could also record the audio, giving them full access to eavesdrop on your conversations.
Thankfully, Google and Samsung have already patched the vulnerability, with Google doing so back in July with a Play Store update. Google also informed all of its OEM partners about the flaw and sent patches out to them as well.
It just goes to show the importance of regular security updates for phones, and now is as good a time as any to make sure your phone is running the most current OS and all of your apps are up to date.
Not even messaging, let alone emails. None. But it's probably too late.
And signing in here on my computer is probably a dumb move as well. I'll limit my dumb moves to a minimum vulnerability footprint.