A new bug in Android smartphones has been discovered that could let hackers spy on you through your smartphone camera.
The bug, dubbed CVE-2019-2234, was discovered by the Checkmarx Security Research Team.
In a blog about the findings, researcher Erez Yalon wrote: “Having a Google Pixel 2 XL and Pixel 3 on-hand, our team began researching the Google Camera app, ultimately finding multiple concerning vulnerabilities stemming from permission bypass issues.
“After further digging, we also found that these same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem – namely Samsung – presenting significant implications to hundreds-of-millions of smartphone users.”
Worryingly, the bug could allow hackers to control the Google Camera or Samsung Camera apps and take photos or record videos of the user, according to the researchers.
Additionally, the researchers found that certain attack scenarios could allow hackers to access stored videos and photos, as well as GPS metadata associated with them.
Mr Yalon added: “Our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off.
“Our researchers could do the same even when a user was is in the middle of a voice call.”
Following their discovery, the researchers reported the bug to Google, who discovered that the issue affected all Android smartphones, and not just Google Pixel devices.
Google said: “We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure.
“The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
Source: Read Full Article