Google and Samsung camera app vulnerabilities exposed

Research by application security specialist Checkmarx has revealed that the camera apps on Google and Samsung smartphones can be hacked.

Scott Bicheno

November 20, 2019

2 Min Read
Google and Samsung camera app vulnerabilities exposed

Research by application security specialist Checkmarx has revealed that the camera apps on Google and Samsung smartphones can be hacked.

The findings were published in a blog post by the company, having previously been shared with Google and Samsung to give them a chance to patch the vulnerabilities before the whole world found out about them. So while this isn’t sensational news, because the vulnerability no longer exists, it’s still good PR for Checkmarx and a general Android security wake up call.

“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” said a statement from Google in the blog. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.” The Indian government must have been disappointed.

Specifically it was found that third party apps could exploit the app permission system, through which new apps ask for your permission to access certain smartphone functions. A loophole allowed apps, once they had got permission to access the camera, to give remote control of the camera to baddies, thus allowing them to record what you’re up to.

“In doing so, our researchers determined a way to enable a rogue application to force the camera apps to take photos and record video, even if the phone is locked or the screen is turned off,” said the blog. “Our researchers could do the same even when a user was is in the middle of a voice call… Of course, a video also contains sound. It was interesting to prove that a video could be initiated during a voice call. We could easily record the receiver’s voice during the call and we could record the caller’s voice as well.”

About the Author

Scott Bicheno

As the Editorial Director of Telecoms.com, Scott oversees all editorial activity on the site and also manages the Telecoms.com Intelligence arm, which focuses on analysis and bespoke content.
Scott has been covering the mobile phone and broader technology industries for over ten years. Prior to Telecoms.com Scott was the primary smartphone specialist at industry analyst Strategy Analytics’. Before that Scott was a technology journalist, covering the PC and telecoms sectors from a business perspective.
Follow him @scottbicheno

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like