Android users are at risk of being recorded, according to the latest reports coming from The Next Web.
It’s been revealed that Google disclosed a vulnerability in Android which seems to have made it possible for hackers to hijack your camera and secretly capture photos and record footage.
The worst thing is that this could have happened even when the phone was locked or the screen was off.
Bypass issues in the Google Camera app
According to the reports, the bug was discovered by researchers from Checkmarx, and it seems to have stemmed from permission bypass issues in the Google Camera app.
The issue (filed under CVE-2019-2234) has first affected the Pixel phones, but further spread over to devices from Samsung and more manufacturers.
“An attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so,” the researchers wrote, as cited by the online publication mentioned above.
The reports continue and say, “Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data.”
It’s been also revealed that the security firm has demonstrated a Proof-of-Concept of the attack in a video that you can see above.
The bug has been eliminated.
Google also acknowledged the issue and released a statement about the unfortunate event.
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” the tech giant said.
They continued and said that “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”