Google has confirmed that Android and Samsung phones can be hacked and exploited by third-party applications that take permission to access the device’s camera.
Not only do these applications have visuals but also stored media files including pictures and videos.
This development was brought forth by Checkmarx’s security research team. Alarming discoveries about Tinder and Amazon Alexa also came out by this team.
They found that when a third-party application requested access to storage, it was given access to the smartphone’s camera as well.
The permission to access the camera and information allowed hackers to tap into the user’s phone and record videos and take images via the camera as well as geolocation.
Unfortunately, storage permissions are very broad and these permissions give access to the entire SD card.
There are a large number of applications, with legitimate use-cases, that request access to this storage, yet have no special interest in photos or videos.
In fact, it’s one of the most common requested permissions observed. -Research Team
In order to provide proof, the team created a mock weather app that only requested basic permission from the user. Once it was granted, the app had access to the camera to capture pics and record vids as shown in the video below.
Furthermore, this security flaw was reported to Google’s Android security team on 4th July and the rest of the vendors were informed later on in August.
Phones are still receiving updates for this vulnerability.
Stay safe and stay tuned to Brandsynario for more news and updates.