In this article we can read how researchers from Checkmarx uncovered a serious security flaw in Android that allows for apps to record video and audio without requesting permissions to do so, and then upload them to a command and control server. This flaw is now patched in Google and Samsung phones, but other manufactures may also be affected by it.
After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents , an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so. Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data . This same technique also applied to Samsung’s Camera app.
In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was is in the middle of a voice call.
To properly demonstrate how dangerous this could be for Android users, our research team designed and implemented a proof-of-concept app that doesn’t require any special permission beyond the basic storage permission.
The weakness, which is tracked as CVE-2019-2234, also allowed would-be attackers to track the physical location of the device, assuming GPS data was embedded into images or videos.
Google closed the eavesdropping hole in its Pixel line of devices with a camera update that became available in July. Checkmarx said Samsung has also fixed the vulnerability, although it wasn't clear when that happened.
Checkmarx said Google has indicated that Android phones from other manufacturers may also be vulnerable. The specific makers and models haven't been disclosed.
The weakness, which was discovered by researchers from security firm Checkmarx, represented a potential privacy risk to high-value targets, such as those preyed upon by nation-sponsored spies.
Do you think that only high-value targets will be exploited, or do you also believe that it can be largely used against the normal citizen?