close
  • Ar chevron_right

    Google & Samsung fix Android spying flaw. Other makers may still be vulnerable

    news.movim.eu / ArsTechnica – 3 days ago - 12:32

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable

Enlarge (credit: Aurich Lawson / Getty)

Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server—without any permissions to do so. Camera apps from other manufacturers may still be susceptible.

The weakness, which was discovered by researchers from security firm Checkmarx, represented a potential privacy risk to high-value targets, such as those preyed upon by nation-sponsored spies. Google carefully designed its Android operating system to bar apps from accessing cameras and microphones without explicit permission from end users. An investigation published Tuesday showed it was trivial to bypass those restrictions. The investigation found that an app needed no permissions at all to cause the camera to shoot pictures and record video and audio. To upload the images and video—or any other image and video stored on the phone—to an attacker-controlled server, an app needed only permission to access storage, which is among one of the most commonly given usage rights.

The weakness, which is tracked as CVE-2019-2234, also allowed would-be attackers to track the physical location of the device, assuming GPS data was embedded into images or videos. Google closed the eavesdropping hole in its Pixel line of devices with a camera update that became available in July. Checkmarx said Samsung has also fixed the vulnerability, although it wasn't clear when that happened. Checkmarx said Google has indicated that Android phones from other manufacturers may also be vulnerable. The specific makers and models haven't been disclosed.

Read 13 remaining paragraphs | Comments

index?i=LRvVOe4YICM:p9XLl1RZiTw:V_sGLiPBpWUindex?i=LRvVOe4YICM:p9XLl1RZiTw:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • chevron_right

    Timothée Jaussoin – Wednesday, 19 June - 11:05

    You can now quickly take pictures in Movim and publish them in an article. I'll also add the feature soon in the Chat. FACE WITH STUCK-OUT TONGUE #movim #feature #HTML5 #camera

  • favorite

    6 Like

    Marzanna , springtime , Nicolas Vérité , oscar , Mariah Silva Matos , Miguel A. Arévalo

  • 4 Comments

  • 19 June Marzanna

    You look tired…

  • 19 June Timothée Jaussoin

    Thanks, it's the AI based filter included in the feature. Makes everyone face tired… :p

  • 21 June Nicolas Vérité

    Cool stuff! ;-)
    So huh... you can't comment a post with the picture, the same way?

  • 21 June Timothée Jaussoin

    No sorry, for the moment comments are text only, it will be quite difficult to handle UX wise