Antonio Villas-Boas/Business Insider
The Google Pixel 3, left, and Pixel 4.
A security flaw in Android's operating system made it possible for malicious apps to hijack a user's smartphone camera, record video and audio, and upload those clips to an external server without the person's knowledge.
The flaw was uncovered by the cybersecurity firm Checkmarx in July, and its findings were published Tuesday, Ars Technica first reported.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More Google and Samsung have patched the flaw in their devices, but Google said other Android devices could still be vulnerable, according to Checkmarx. It's not clear how many users were affected.
"We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure," a Google spokesperson told Business Insider in an email. "The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners."
A Samsung spokesperson told Business Insider the company has also released patches to address the issue since being notified by Google.
"We recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible," the spokesperson said.
Checkmarx developed a proof-of-concept app in order to test a worst case scenario for exploiting the security flaw. Researchers found that their malicious app could easily bypass a security restriction meant to prevent apps from accessing an Android camera without permission.
In addition to secretly recording audio and video, their app was able to track metadata like the GPS location where videos were taken.
"We also found that these same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem ... presenting significant implications to hundreds of millions of smartphone users," Checkmarx research head Erez Yalon wrote in the firm's report.
Here's how to check whether your Android device is vulnerable:
- Update your phone's apps. A patch has been rolled out for all Pixel and Samsung devices, so making sure your software is up-to-date is the best way to ensure you're protected.
- On Pixel phones, navigate to Settings > Apps and Notifications > Camera > Advanced > App Details. If the app has been updated since July, you're safe.
- If you have an Android device that isn't a Pixel or Samsung, run the command listed here. If doing so forces your phone to record a video, you're exposed to the vulnerability.
You can read the full report on Checkmarx's site.
Next Story
I spent 2 weeks in India. A highlight was visiting a small mountain town so beautiful it didn't seem real. 
I quit McKinsey after 1.5 years. I was making over $200k but my mental health was shattered.
Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
10 Foods you should avoid eating when in stress
8 Lesser-known places to visit near Nainital
World Liver Day 2024: 10 Foods that are necessary for a healthy liver
Essential tips for effortlessly renewing your bike insurance policy in 2024
Indian Railways to break record with 9,111 trips to meet travel demand this summer, nearly 3,000 more than in 2023
