A Serious Flaw Found In Google And Samsung Camera Apps Gave Hackers All Access

November 19, 2019

The personal data circus recently welcomed a new act — one some consumers might not have known about, but one that definitely needs to be addressed if they haven’t done so already.

According to The Security Research Team at Checkmarx, a vulnerability was found in both the Google and Samsung camera app that allowed hackers to commandeer the app and take photos and/or record videos via a malicious application that had zero permission to go that far.

Making matters worse, the Checkmarx folks found that — depending on how the attacks were set up — a hacker could go into a consumer’s phone, skirt around various permission triggers, and access stored videos/photosb as well as any location data embedded in those files. That nuance is particularly concerning since that data could pinpoint exactly where the user was when the photo/video was taken.

“Our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off,” Checkmarx’ Erez Yalon wrote. “Our researchers could do the same even when a user was in the middle of a voice call.”

The fix is in

Thankfully, companies like Google and Samsung have the ability to act quickly, and they did exactly that when Checkmarx alerted them to the issue.

“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” a Google spokesperson told ConsumerAffairs. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”

By submitting this form, you are consenting to receive marketing emails from: Harlem World Magazine, 2521 1/2 west 42nd street, Los Angeles, CA, 90008, https://www.harlemworldmagazine.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Checkmarx confirms that both Google and Samsung have issued a fix. All the same, every Google or Samsung user should take the time to make sure their respective camera apps are up to date.

“The professionalism shown by both Google and Samsung does not go unnoticed. Both were a pleasure to work with due to their responsiveness, thoroughness, and timeliness,” wrote Yalon.

“This type of research activity is part of our ongoing efforts to drive the necessary changes in software security practices among vendors that manufacture consumer-based smartphones and IoT devices, while bringing more security awareness amid the consumers who purchase and use them. Protecting (the) privacy of consumers must be a priority for all of us in today’s increasingly connected world.”

We're your source for local coverage, we count on your support. SUPPORT US!
Your support is crucial in maintaining a healthy democracy and quality journalism. With your contribution, we can continue to provide engaging news and free access to all.
accepted credit cards

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles