A security vulnerability in the Android framework enabled hackers to attack and exploit the phone’s camera application even without the client’s consent. This Android vulnerability was found on the Google Camera application and Samsung’s camera application.
The Android vulnerability was named CVE-2019-2234 and it was found by the Analyst Security Research Team. The security analysts found that the Pixel 2 XL and Pixel 3 camera applications had permission bypass issues and problems. A similar failure was found on the Samsung camera application to influencing a large number of phones.
This Android vulnerability enabled hackers to take control of the phone’s camera and use it to catch photographs and take recordings also.
Hackers could deal with this through a rogue Android application. Analyst likewise found that hackers could get to recordings and photographs saved on the phone. Progressively intricate details like the GPS metadata and EXIF information of the photographs could be accomplished by hackers.
Since photographs and recordings are typically put away on SD card hackers could without much stress to access them. Analyst likewise clarified how storage authorizations for SD card information can be effectively misused. This exploitation could occur in any event, during voice calls where the hacker could record the whole discussion of the guest and receiver.
“In doing as such, our specialists decided an approach to empower a rogue application to compel the camera applications to take photographs and record video, regardless of whether the phone is locked or the screen is off. Our specialists could do the same in any event, when a client is in a voice call,” Analyst clarified.
We acknowledge Analyst drawing this out into the open and working with Google and Android partners to facilitate exposure,” the organization said in an announcement. “The issue was tended to on affected Google devices by means of a Play Store update to the Google Camera Application in July 2019. A fix has likewise been made accessible to all partners.”
In any case, perhaps Google’s Project Zero authorities should get a break from discovering bugs in iOS to deal with their own security worries, so others don’t need to.
In the wake of having taught Google about the vulnerability, the organization fixed this bug through an update for the Google Camera application. The same was held by other Android producers also.