Checkmarx's security research team has discovered several vulnerabilities in Google and Samsung smartphones that could allow an attacker to control a device's camera app to remotely take photos, record videos, and even record conversations and conversations To spy on the user's location.
Initially, they examined the Google Camera app on a Pixel 2XL and a Pixel 3 when they discovered multiple vulnerabilities resulting from permissions-evasion issues. Checkmarx has taken further steps and found that these vulnerabilities also affect Samsung's camera app and other Android smartphone providers.
Pedro Umbelino, security research director at Checkmarx, Erez Yalon and senior security researcher of the company, explained how this was possible Use a rogue app to gain control of the Google Camera app in a blog post
"After a detailed analysis of the Google Camera app, our team found that an attacker could gain control of the Google Camera app by manipulating certain actions and intentions. Control the app for photos and / or photos Record videos through an unauthorized application. In addition, we've found that certain attack scenarios allow malicious actors to bypass various storage permissions policies and give them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video record and analyze the right EXIF data. The same technique applies to Samsung's camera app.
Camera App Vulnerabilities
To exploit the vulnerabilities that its team found in the Google Camera app, Checkmarx has developed a malicious application as a proof-of-concept exploit. The weather app she created required no special permissions except the basic memory access common to many other apps on the Google Play Store.
In addition to their weather app, Checkmarx also issued a command and a control server to which the app connects to perform an attacker bidding. Once the app is installed and opened on a user's device, a permanent connection to the command and control server is established and instructions are awaited.
Even if a user closed the app, he would still be connected to it. The server and an attacker could order taking a photo, recording video, recording audio from voice calls, taking GPS tags from photos, and those on the device to access stored data. All photos and videos taken by the app are then uploaded to the server.
With Checkmarx's proof-of-concept exploit, an attacker can even capture video and take photos when the smartphone is locked.
Both Google and Samsung have released fixes for the vulnerabilities. To prevent users from becoming victims of a similar attack, they should upgrade their devices to the latest version of Android, make sure the latest available security patches have been applied, and upgrade their camera app. Good.