The camera on your Android device may have been hacked by a new exploit discovered in Google’s phone operating system. The research team at cybersecurity firm Checkmarx discovered the vulnerability in the Android OS while stress-testing.
Here’s what you need to know about the potential security breach.
What is Checkmarx?
Checkmarx is a cybersecurity research firm that uses hacking techniques to expose vulnerabilities in major websites and operating systems. They don’t do this for nefarious purposes: in fact, companies are grateful that a well-meaning research firm finds these exploits before criminals do.
Checkmarx has previously found vulnerabilities in sites like Tinder and systems like Amazon’s Alexa. This newest discovery, however, could be the most sweeping security loophole the firm has yet found. The loophole in question could allow a bad actor to take control of an Android device’s camera remotely.
What is the Android Camera Hack?
The hack in question allows for remote access to the camera functions of an Android device. Essentially, the exploit allows for specific malicious apps to override the permissions of the Google Camera app or Samsung Camera app. When the OS asks for specific protocols to allow access, the app needs to only ask for storage access through another known exploit.
This allows for a remote user to access not only the photos already taken on the phone, but also to issue commands to take photos and videos in the background, silently. Additionally, with this exploit, a malicious hacker could access a user’s GPS data and microphone. In essence, your phone could become a wiretap device, tracking your movements and recording everything you do and say.
What did Google Say About the Vulnerability?
Google offered a statement regarding the vulnerability’s discovery. “We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
This means that you need to make sure your Android OS is up-to-date and working with the latest patch. That way you don’t have to worry about someone tapping into your phone and spying on your conversations!