tech2 News StaffNov 20, 2019 10:03:25 IST
An Android operating system vulnerability has been disclosed that affects its built-in camera app. While Google fixed the issue for the Pixel phones back in July, the patches are still rolling out to smartphones in the broader Android ecosystem.
Researchers found that the vulnerability allowed a third-party application to request “storage permissions” from an Android phone user, which in turn gave it access to the camera, record video, and access geolocation data embedded in stored photos. Typically, an app requires access to specific permissions for this information. However, the vulnerability allowed access to all these functions with just storage permission.
This, in turn, allowed hackers to use the vulnerability to record video and audio from affected devices and upload them to external servers without the knowledge of the user.
“Unfortunately, storage permissions are very broad and these permissions give access to the entire SD card. There are a large number of applications, with legitimate use-cases, that request access to this storage, yet have no special interest in photos or videos. In fact, it’s one of the most common requested permissions observed,” researchers at Checkmarx noted.
Google told Business Insider in a statement, "We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."
Samsung also says that it has patched the issue in its smartphones.
It is recommended that all Android users keep their smartphones updated to the latest version of the software.
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.