Monday, October 7, 2024
HomeAndroidAndroid Camera Bug Let Hackers Spy on 100 Million+ Android Users Camera...

Android Camera Bug Let Hackers Spy on 100 Million+ Android Users Camera by Taking Video’s & Photo’s

Published on

Researchers discovered a critical vulnerability in the Android Camera app that allows hackers to remotely control the camera to take photos and/or record video using the malicious app without app permission.

This Android camera vulnerability considers being a serious concern in the Android ecosystem since the advanced camera and video capabilities are playing a massive role in Android users.

Critical permission bypass vulnerabilities initially discovered in the Google Pixel 2 XL and Pixel 3 on-hand Camera app, when digging deeper, researchers found the same vulnerabilities also affected some of the major smartphone vendors such as Samsung.

- Advertisement - EHA

It poses a serious threat to hundreds of millions of smartphone users, and the attackers installing the malicious app to gain complete Android Camera access without appropriate permission.

In another attack scenario, attackers bypass the various storage permission policies that give access to the stored videos and photos. it enables them to find the compromised user’s location via GPS metadata by taking photos or video and parsing the proper EXIF data

Attackers can be used this technique for both Google and Samsung Camera app. The Vulnerability can be tracked as (CVE-2019-2234).

“Researchers also find a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off. Our researchers could do the same even when a user was is in the middle of a voice call.”

Exploiting the Google Camera Vulnerability

Photos and videos that taking via Android Camera will be stored on the SD card since it falls under the “sensitive data” category, and the other apps that need access to photos and videos required to have special permission (storage permissions).

To do so, AOSP created a specific set of permissions that an application must request from the user.

Basically, storage permissions give broad access to the entire SD card since the permissions are frequently requesting by a large number of applications for a legitimate purpose even it has no special interest in photos or videos. 

To experiment in an attack scenario, Checkmarx researchers tried to access the permission policy by abusing the Google Camera app itself, forcing it to do the work on behalf of the attacker.

This board range of storage access allows a rogue application can take photos and/or videos without specific camera permissions, and it only needs storage permissions to take things a step further and fetch photos and videos after being taken. Additionally, if the location is enabled in the Android Camera app, the rogue application also has a way to access the current GPS position of the phone and user. . Checkmarx said via blog post.

Proof-of-Concept

Researchers developed a proof-of-concept app implemented with basic storage permission and demonstrate the PoC by dividing the 2 parts(client and server).

In the client part, a malicious app running in the Android phone, and a server-part that represents an attacker’s command-and-control (C&C) server.

Once the client apps started, it establishes a connection with the Command & Control server controlled by the attacker and waiting for a further command and the attacker can perform the attack and take control of the Android Camera anywhere in the world.

Watch the following Proof-of-concept video:

Once the attacker C2 Server console could allow him to see which devices are connected and perform various activities.

  • Take a photo on the victim’s phone and upload (retrieve) it to the C&C server
  • Record a video on the victim’s phone and upload (retrieve) it to the C&C server
  • Parse all of the latest photos for GPS tags and locate the phone on a global map
  • Operate in stealth mode whereby the phone is silenced while taking photos and recording videos
  • Wait for a voice call and automatically record:
    • Video from the victim’s side
    • Audio from both sides of the conversation

Google fixed the bug and released an update to the Google Camera Application in July 2019 via Google play store. you can also read the complete report here.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Hackers Attacking AI Agents To Hijacking Customer Sessions

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which...

Malicious App On Google Play Steals Cryptocurrency From Android Users

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto...