6.5 C
New York
Wednesday, May 25, 2022

How Android apps were able to use a smartphone camera without permission?

Must Read

New Research Identifies Genetic Origins of 3 Mitochondrial Diseases

Mitochondrial diseases are a set of rare hereditary disorders affecting one in every 4,300 individuals. It is...

AI Reveals New Math Behind The Search For Exoplanets

AI Reveals New Math Behind The Search For Exoplanets New planets orbiting other stars...

Iron In Meteorites Indicates A More Chaotic Early Solar System – New Research

Planetary scientists have more precisely reconstructed the early history of many asteroids than ever before, indicating that...
Amit Kumar
Amit Kumar is editor-in-chief and founder of Revyuh Media. He has been ensuring journalistic quality and shaping the future of Revyuh.com - in terms of content, text, personnel and strategy. He also develops herself further, likes to learn new things and, as a trained mediator, considers communication and freedom to be essential in editorial cooperation. After studying and training at the Indian Institute of Journalism & Mass Communication He accompanied an ambitious Internet portal into the Afterlife and was editor of the Scroll Lib Foundation. After that He did public relations for the MNC's in India. Email: amit.kumar (at) revyuh (dot) com ICE : 00 91 (0) 99580 61723

Some standard commands in many Android smartphones allow apps to run and control the camera without asking for user permission, found by the researchers in the field of information security from the company Checkmarx. The company reported this to Google and Samsung a few months ago, so these manufacturers have already managed to fix the vulnerability.

Android applications can request the system to access certain functions through standard APIs, and for some functions the system asks the user to provide access to the application. For example, if an application requests access to a camera or cellular features, the system first asks for permission from the owner.

In addition to the permission system, Android also has a subsystem for communicating applications among themselves. For example, some applications indicate the coordinates of a place on the map as a link, by clicking on which the user enters the standard map application. Behind this process is an action request through an Intent object. At the same time, the indications of actions may be implicit, and in this case, the system itself selects the applications that are suitable for the request, and are explicit with an indication of the specific application and action.

Researchers at Checkmarx found that standard camera apps on Google and Samsung smartphones allow third-party apps to take photos or videos, regardless of whether the app has permission to access the camera. After the application has sent such a request, the camera application is launched. You can use a set of commands to take photos or videos, as well as set a shooting timer or choose which camera to use.

This vulnerability itself is hardly useful, but researchers note that attackers can use it along with other system capabilities. For example, many apps in Google Play request access to the store, and users are used to giving them without thinking about why the program has such access. With this permission, the malicious app can send the photos taken to their server, and if the user has a location recording in the camera settings time to take a picture, so it can track a person’s location.

In addition, the researchers showed that the operation of a malicious application can be hidden if it monitors the state of the proximity sensor and starts shooting only when the smartphone is attached to the ear during a conversation or lies on a table on the screen.

Researchers sent information about the vulnerability to Google’s Android security team in early July, after which Google and Samsung corrected the vulnerabilities and allowed the information to be disclosed in November. However, Google also said that it notified other companies, so it is likely that the vulnerability affected smartphones of other manufacturers.

Recently, Google discovered sites that have exploited unknown critical vulnerabilities in iOS for at least two years. After a user accessed the site through a browser, a malicious application was installed on his smartphone, gaining superuser rights and transmitting passwords, photos and other confidential information to attackers.

- Advertisement -


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -