And this is why I always keep my Android in the corner while it’s charging.
Google disclosed a vulnerability in its Android OS that would allow an outside user to take control of an Android phone’s camera. A hypothetical hacker could take pictures and record video through an vulnerable smartphone camera, even if the phone is locked or the screen is turned off. Needless to say, it’s a good thing they caught this one before things got ugly.
The exploit was discovered by researchers from security research firm Checkmarx. The actual problem was caused by permission bypass issues found within the Google Camera app. Obviously, this problem affected Google-made phones like the Pixel, but apparently, it was so ingrained in Android OS, that it was also found in phones from Samsung and other Android manufacturers.
“An attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so,” the Checkmarx researchers explained. “Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data.”
Google has thanked Checkmarx for their efforts, and assured customers that the bug has been squashed. Even so, I might just keep a tissue over my Android while it’s charging for a little while. Y’know, just in case.