The Checkmarx Security Research Team managed to hack into the Android camera app, uncovering multiple concerning vulnerabilities. The vulnerability, referred to as CVE-2019-2234, permits an attacker to take control of the camera app and capture photos and record video from a rogue app. This works even when the screen is turned off and the phone is locked.
Vulnerability in Action
The video below shows how an attacker can use this vulnerability to gain access to confidential documents via a phone call!
The attacker is able to:
- Take a photo or record a video and upload it to a server for retrieval
- Parse GPS tags on the photos and locate the phone on a map
- Spy in stealth mode with the phone put on silent
- Record voice calls
How to Stay Safe?
The Checkmarx research team has contacted Google and Android partners, and their recommendation is to keep the phone updated with the latest software patches.
The implications of this Android camera vulnerability are very serious, so those who care about their privacy must update as soon as the patches are available.