A new security hole has been found in some Android phones, allowing the camera appspythe user. The loophole allows hackers to take photos, record videos, and record GPS coordinates that accompany images, all without the knowledge of the device owner. The discovery was made by Checkmarx researchers and the results were released on Tuesday (13).
According to the researchers, it was found that applications that allow permission to access the device's storage can also access the camera – in this case without any authorization from the user. According to the report, this indicates that hackers may one day create their own attacks by running a version withoutpatchof the standard camera applications of the devices.
even thoughno attacks have been recordedSo far, the Checkmarx team has been able to successfully create and execute commands that can remotely record phone calls, use the camera and microphone of the device, access the user's location through photos, and even verify that the phone is face down. The raid was tested on a Pixel 2 XL and a Pixel 3 using a fake weather app that required access to cell phone storage.
Both Google and Samsung camera programs, which have not been updated since July this year, are vulnerable to the security issue known asCVE-2019-2234. After the issue was shared with companies in July, both released updates for vulnerable mobile phones. However, Checkmarx's report suggests that many Android smartphones may still be affected.
To protect yourself, you need to check for camera app updates on the Google Play Store. Also, it is recommended to avoid downloading unfamiliar photo, video or audio recording programs as these are some likely methods forhackersinsert malicious codes into the device.
However, if you still don't feel safe and want to make sure your device hasn't been hacked, follow the instructions below:
- Open thesettingsof the device;
- ComesApplications & Notifications;
- click inView all apps;
- Then select theCamera;
- click inAdvanced;
- ChoiceApp Detailsto open the Google Play Store app page. If the app has been updated since July 2019, you are safe.
For other Android devices using Google Camera (manually)
If you're not sure if your phone manufacturer has issued an update to the camera app, one way to find out is to try and exploit the bug yourself.
You will need:
- A computer (running Windows, Max or Linux)
- An android device
- A USB cable to connect them
Once you have these materials, all you have to do is:
1. Download ADB drivers from this link and install them;
2. Then, download the ADB tools and extract the contents of the ZIP archive to an easily accessible folder;
3. If possible, create a folder named ?adb? in the root of C: ;
4. Connect the phone to the computer and leave it in file transfer mode;
5. Open "Command Prompt" as administrator from the "Start Menu";
6. Enter the following command to access the folder where the ADB tools are located:cd c: adb platform-tools;
7. To make sure your phone is being recognized as it should on your computer, enter the command: adb devices. If the word ?appears?unauthorized?, Unlock the phone and grant permission to perform USB debugging;
8. Now start the ADB tool with the command:adb shell;
9.In the window ofpromptof command,run the following commandsone at a time:
adb shell am start-activity -ncom.google.android.GoogleCamera / com.android.camera.CameraActivity ?ezextra_turn_screen_on true -a android.media.action.VIDEO_CAMERA ?ezandroid.intent.extra.USE_FRONT_CAMERA true
adb shell am start-activity -ncom.google.android.GoogleCamera / com.android.camera.CameraActivity ?ezextra_turn_screen_on true -a android.media.action.STILL_IMAGE_CAMERA ?ez android.intent.extra.USE_FRONT_CAMERA true ?eiandroid.intent.extra .TIMER_DURATION_SECONDS 3
11. Open your phone's camera and go to the photo and video library to see if the command worked. If you find any new photos or videos, then the bug is present on your device.
ODigital Lookperformed two tests using the above codes on a Moto G5S and a Xiaomi Mi 9, but failed to find out the failure on either device. Both were with subsequent updates July 2019. Therefore, when the code does not work, the following screen appears, stating that"Activity class does not exist"(The requested class does not exist).
If you haven't updated the camera app recently, check to see if your device has the latest update installed on the Google Play Store. Then test the above ADB commands again, and if they are working and the breach is still active, report the error to your device manufacturer.
Hackers Google Samsung espionage Tips & Tutorials security breach app camera
. (tagsToTranslate) Hackers (t) Google (t) Samsung (t) Spying (t) Tips & Tutorials (t) Security Flaw (t) Application (t) Camera