Google regularly releases updates to its mobile operating system fixings bugs and vulnerabilities that could leave Android phones vulnerable to hackers or make it difficult to use their phones. Now, a new report claims that a bug in the camera app of phones by Google and Samsung allowed hackers to spy into users conversation without ever letting them know about it.
According to a report by cybersecurity firm Checkmarx gave hackers a broad set of permissions that not only allowed them to click photos and record videos but also get detailed information about users’ location. The bug allowed hackers to control the Camera app in Google Pixel phones and Samsung smartphones such that they could listen to all of users’ conversations and even manipulate the camera remotely by installing an infected app.
According to a blog shared by the cybersecurity firm, it did a detailed analysis of the Google Camera app, wherein it found that an attacker could “control the app to take photos and/or record videos through a rogue application that has no permissions to do so.”
“Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data,” the firm wrote in the blog post adding that it found similar issues in the Camera app in Samsung smartphones.
What is scary is that the security researchers found out that an infected app could force the camera apps in Pixel and Samsung smartphones to take photos and record video even if the infected phone was locked or the screen of the phone was turned off or when a user was is in the middle of a voice call.
The good news is that the security firm informed Google about the security vulnerability back in July this year following which Google released a patch to fix the bug. It also made a security patch available to the other affected smartphone makers to fix the bug. This means that if you have been updating your phone regularly, your phone’s data should be safe and sound.