

Author Topic: Android camera app vulnerability affected hundreds of millions of phones  (Read 11793 times)


gurutek

Internet security firm Checkmarx has discovered (via Forbes) vulnerabilities related to permission bypass issues. After researching this on a Google Pixel 2 XL and Pixel 3, Checkmarx says that the same vulnerabilities are found on the camera apps used on other Android phones including those manufactured by Samsung. With this in mind, the number of smartphone users carrying around this issue on their phones is estimated to be in the hundreds of millions. Erez Yalon, director of security research at Checkmarx, said, "Our team found a way of manipulating specific actions and intents making it possible for any application, without specific permissions, to control the Google Camera app. This same technique also applied to Samsung's Camera app."


By exploiting the vulnerability, an attacker could use a rogue application to force the camera on affected phones to snap pictures and record videos even when the phone is locked or the screen is turned off. You can understand how dangerous this vulnerability is. Checkmarx researchers were even able to remotely snap photos on a phone that was in the middle of a voice call. The vulnerability itself bypasses the permission system, but the rogue application that snaps the photos and videos can also gain access to them by obtaining storage permission. If location is enabled for the camera app, it means that the attacker can discover the current location of the user. The location of the attacker, on the other hand, could be anywhere on the planet.

Had this vulnerability been exploited, it could have cost Android device owners some serious money.

To show how dangerous this vulnerability is, Checkmarx developed a "proof of concept" app that required no special permissions outside of the aforementioned storage permission. There were two parts to this app; one represented the malicious app installed on an Android phone, and the other part represented the attacker's command-and-control server. The app that was developed for the PoC was a malicious weather app that connects to the command-and-control server, waiting for instructions from it. This connection persists even if the malicious app is closed.



 
