Security Bits Logo no alpha channel

Security Bits – 1 December 2019

Followups:

Security Medium — The Android Camera Bug

A bug was found in the camera app that ships on many Android phones that allowed third-party apps with permission to use external storage to silently enable the camera and mic, to access the photo library, and, to read geolocation data from the images in the library. Malicious apps could enable the camera and mic even when the phone was locked and the screen is off. Access to storage is one of the most common permissions, so the permission would not look suspicious.

The bug was responsibly disclosed, so both Google and Samsung have already patched the camera apps on their phones. Google patched their app via the Play store in July, and while Samsung say their app is now patched, they did not give a date for when it was released.

The security researchers who discovered the bug believe it affects apps by other manufacturers too, but while Google say they are working with manufacturers, we have no official confirmation that other phones were or are vulnerable. Frustratingly, this means owners of non-Google or Samsung devices simply don’t know whether or not they are exposed to this dangerous vulnerability. For now, it seems there are no wide-spread exploits in the wild, but that could change very quickly.

Links

Notable Security Updates

Notable News

Suggested Reading

Suggested Listening

Palate Cleansers

11K lens

Note: When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Leave a Reply

Your email address will not be published.

Scroll to top