Android users need to be aware of an unpatched security flaw. According to Checkmax security researchers, some apps can record users using the mic or camera of the device. The specific bug causing this security flaw is not available yet. However, Checkmax managed to crack into applications to hack some call records and media files. Moreover, they found some vulnerabilities in google pixel camera. Further research shows that these camera vulnerabilities could also affect some Samsung users as well.
During the research, researchers found that attackers could manipulate specific actions of the camera app to record some photos or videos. Attackers can do this with the help of rogue applications. Moreover, some malicious actors can attack the storage permissions to give access to stored videos and images. It is also possible to locate the user by tracking the GPS metadata of media files in the device by parsing EXIF data. The CheckMax team performed similar activities to force the camera app to capture photos, even with the screen lock. Researches could do these activities even when the user was on a voice call. The ability to attack a user’s phone camera is highly insecure in terms of privacy. Now the CheckMax team is building attack scenarios to check the possibilities of attack.
Since the mobile storage SD card has personal photos and information of the user, attacking the storage permission is highly insecure. Hence, to access SD card storage, apps need to have storage access permission. The CheckMax fired some commands to show how the attackers can capture the videos during the voice call. Google and Samsung released patches for impacted smartphones this year. However, CheckMax says that many other android phones are still vulnerable to attacks. Pixel users can check for the patch under the app details section of the camera app. Users who have updated the camera app since July 2019 are safe from the attacks.