Friday, November 1, 2024
HomeAndroidAndroid Camera Bug Let Hackers Spy on 100 Million+ Android Users Camera...

Android Camera Bug Let Hackers Spy on 100 Million+ Android Users Camera by Taking Video’s & Photo’s

Published on

Malware protection

Researchers discovered a critical vulnerability in the Android Camera app that allows hackers to remotely control the camera to take photos and/or record video using the malicious app without app permission.

This Android camera vulnerability considers being a serious concern in the Android ecosystem since the advanced camera and video capabilities are playing a massive role in Android users.

Critical permission bypass vulnerabilities initially discovered in the Google Pixel 2 XL and Pixel 3 on-hand Camera app, when digging deeper, researchers found the same vulnerabilities also affected some of the major smartphone vendors such as Samsung.

- Advertisement - SIEM as a Service

It poses a serious threat to hundreds of millions of smartphone users, and the attackers installing the malicious app to gain complete Android Camera access without appropriate permission.

In another attack scenario, attackers bypass the various storage permission policies that give access to the stored videos and photos. it enables them to find the compromised user’s location via GPS metadata by taking photos or video and parsing the proper EXIF data

Attackers can be used this technique for both Google and Samsung Camera app. The Vulnerability can be tracked as (CVE-2019-2234).

“Researchers also find a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was is in the middle of a voice call.”

Exploiting the Google Camera Vulnerability

Photos and videos that taking via Android Camera will be stored on the SD card since it falls under the “sensitive data” category, and the other apps that need access to photos and videos required to have special permission (storage permissions).

To do so, AOSP created a specific set of permissions that an application must request from the user.

Basically, storage permissions give broad access to the entire SD card since the permissions are frequently requesting by a large number of applications for a legitimate purpose even it has no special interest in photos or videos. 

To experiment in an attack scenario, Checkmarx researchers tried to access the permission policy by abusing the Google Camera app itself, forcing it to do the work on behalf of the attacker.

This board range of storage access allows a rogue application can take photos and/or videos without specific camera permissions, and it only needs storage permissions to take things a step further and fetch photos and videos after being taken. Additionally, if the location is enabled in the Android Camera app, the rogue application also has a way to access the current GPS position of the phone and user. . Checkmarx said via blog post.

Proof-of-Concept

Researchers developed a proof-of-concept app implemented with basic storage permission and demonstrate the PoC by dividing the 2 parts(client and server).

In the client part, a malicious app running in the Android phone, and a server-part that represents an attacker’s command-and-control (C&C) server.

Once the client apps started, it establishes a connection with the Command & Control server controlled by the attacker and waiting for a further command and the attacker can perform the attack and take control of the Android Camera anywhere in the world.

Watch the following Proof-of-concept video:

Once the attacker C2 Server console could allow him to see which devices are connected and perform various activities.

  • Take a photo on the victim’s phone and upload (retrieve) it to the C&C server
  • Record a video on the victim’s phone and upload (retrieve) it to the C&C server
  • Parse all of the latest photos for GPS tags and locate the phone on a global map
  • Operate in stealth mode whereby the phone is silenced while taking photos and recording videos
  • Wait for a voice call and automatically record:
    • Video from the victim’s side
    • Audio from both sides of the conversation

Google fixed the bug and released an update to the Google Camera Application in July 2019 via Google play store. you can also read the complete report here.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk

Recent analysis has revealed a concerning trend in mobile app security: Many popular apps...

GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections

Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as...