A security research team at Checkmarx made an alarming discovery about a vulnerability that left hundreds of millions of Android users prone to hackers looking to hijack the camera on their phones. The researchers discovered a way for a rogue application to take control of the camera and use it even when the camera app was closed.
“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx, said, “Making it possible for any application, without specific permissions, to control the Google Camera app. This same technique also applied to Samsung’s Camera app.”
Once the rogue app was installed, it would work in the background and give hackers remote access to the phone's camera, microphone, and even the GPS. They could use a phone's proximity sensor to determine when a user put the phone near their face while talking, allowing the hackers to record private conversations.
Checkmarx notified Google about the vulnerability over the summer, and a patch was rolled out to fix the issue.
"We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure," a Google spokesperson said in a statement. "The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."
Photo: Getty Images