Thanks to a security flaw,tongzhi : politics of same-sex eroticism in chinese societies Android apps had the ability to take photos and record conversations without users knowing it.
According to a bombshell reportreleased Tuesday by cybersecurity firm Checkmarx, a major Android flaw gave attackers shockingly broad permissions to a phone without consent from users. The flaw, dubbed CVE-2019-2234, allowed an app developer to gain unparalleled access to a device’s camera, turning a user's phone into a spying device. Checkmarx was able to uncover all of these vulnerabilities through a fake weather app it created.
An attacker could silence the camera shutter to hide the fact that it was recording video and taking photos without consent. These actions could even be taken when the malicious app was closed, with the screen off and the phone locked.
The flaw also gave an attacker access to stored media on a device, as well as the GPS data on photos and videos in its library. And it allowed an app developer to eavesdrop on both sides of a phone conversation and record audio.
Yes, it gets worse. A phone’s proximity sensor could be used to let the attacker know when the phone was held up to a user’s ear for a phone call or when the phone was lying face down so the open camera app couldn’t be detected while taking photos or recording video.
An attacker was even able to upload images and video from the phone to a server if a user granted the app permission to access the device’s storage.
Checkmarx first discovered the flaw over the summer while researching the Google Camera app on a Google Pixel 2 XL and Pixel 3. Further investigation uncovered the same vulnerabilities in "camera apps of other smartphone vendors in the Android ecosystem," including Samsung.
Among the most startling aspects of this flaw is the fact that the attackers were able to access a phone’s camera and mic without a user first giving permission to the app. Even the recently viral Facebook bug, which forced the iPhone's camera open, required user permission before accessing the camera.
According to Checkmarx’s report, it first contacted Google about the flaw in early July. Samsung confirmed it was also affected by the vulnerabilities in late August. Both companies approved the publication of Checkmarx’s report this month.
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” said a Google spokesperson in a statement provided to Checkmarx. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
SEE ALSO: AirPods Pro and Android: Is it worth it?In a statement to Arstechnica, Checkmarx Director of Security Research Erez Yalon speculated that the flaw may arise from Google granting its voice assistant access to a device’s camera.
Besides Google and Samsung, it’s unclear how many, if any, other Android phone manufacturers were affected by the vulnerability.
With just those two companies, however, this flaw had the ability to affect hundreds of millions of smartphone owners around the world.
Android device owners can protect themselves by making sure their smartphones are updated to the latest version of the operating system.
Topics Android Google Samsung
Wordle today: The answer and hints for February 13, 2025
2025 Oscar nominations: See the full list
Samsung Galaxy S25 Edge: The ultra
Stuff Your Kindle Day Jan. 23: Free paranormal cozy mystery e
Obama photographer Pete Souza on Trump: 'We failed our children'
Celtic vs. Young Boys 2025 livestream: Watch Champions League for free
NYT Connections hints and answers for January 24: Tips to solve 'Connections' #593.
Samsung Galaxy S25 Ultra vs Apple iPhone 16 Pro Max: Battle of the premium smartphones
Best GPU deal: GIGABYTE NVIDIA GeForce RTX 5080 is $1,349.99 at Best Buy
Washington Wizards vs. LA Clippers 2025 livestream: Watch NBA online
Then and Now: 5 Generations of GeForce Graphics Compared
Hoffenheim vs. Spurs 2025 livestream: Watch Europa League for free
Best Dyson Supersonic Hair Dryer deal: Save $210 when you buy refurbished at Walmart
'Severance' Season 2 opening credits, explained
Best external hard drive deal:WD 5TB Elements for $114.99
Winter storm warnings: How to see online if more snow is heading your way
Dallas Mavericks vs. Oklahoma City Thunder 2025 livestream: Watch NBA online
Best Fire Stick deal: Save $5 on Amazon Fire Stick HD
E3 2017 Trailer Roundup: Upcoming PC Games
'Severance's Lumon LinkedIn page reveals Miss Huang's true identity
Olympic mascots, rankedA full list of 2021 Emmy winnersNintendo Switch update finally adds Bluetooth supportThe iPhone SE with 256GB of storage has disappeared from Apple StoreThe new iPad mini looks great, but it's lost one feature: The headphone jackBadass Milo Ventimiglia doesn't follow the rules of Instagram'Sex Education' Season 3 is all about characters coming into their ownShaun White's freakish Olympic win was a truly emotional experienceSnapchat has a hidden Valentine's Day Easter eggPhotoshop battle of a little dog destroying a sofa is all the drama you could ask forHere's why Olympians are awarded stuffed tigers in PyeongchangGet ready to preNBC host apologises for questionable comments about Olympic skierHow to calm your nerves while watching the OlympicsThank you, Lupita Nyong'o, for making Michael B. Jordan do a bunch of pushAustralia's government bans politicians from sleeping with their staffThe Apple Watch Series 7 gets a bigger, curvier faceSuperb Bichon Frise wins 'Best in Show' at Westminster Dog ShowA fast object collided with Jupiter and blew up, space footage showsGorillas find love using a dating app matching algorithm, too 'The Night Agent' literally doesn't sleep. Someone allow him a nap. Bumble launches new features to help you date during quarantine 45 things I've done to kill my quarantine boredom New Google Flights feature guarantees the lowest price, pays you back if it’s wrong Impulsive quarantine haircuts, dye jobs give Brad Mondo the chills BBC weatherman kills the channel's theme song on drums after delivering the forecast David Attenborough is teaching online geography lessons to kids at home 'Paddington 3' is officially happening Keeping a list of what I do every day is helping me manage quarantine anxiety John Krasinski's virtual high school prom was truly a night to remember Sex tips for people with endometriosis Do not inject yourself with bleach to cure coronavirus, holy crap Twitter replaces logo with doge as Musk seeks Dogecoin lawsuit dismissal 'Yellowjackets' and 'The Last of Us' share 3 creepy details, cannibalism aside 'Wordle' today: Here's the answer, hints for April 3 How to cheer up your loved ones from a distance This is what a socially How to have a socially distanced 420 'Brooklyn Nine Samsung's new TV boxes can be converted into cat houses
1.3951s , 10195.1484375 kb
Copyright © 2025 Powered by 【tongzhi : politics of same-sex eroticism in chinese societies】,Warmth Information Network