Among all smartphone features, the camera holds a special place. The smartphone camera is behind the selfie revolution and the emergence of mobile capture as the biggest contender to traditional photography. Every device update and every flagship launch has become almost synonymous with the unveiling of a more powerful camera. In this ongoing evolution, Android devices play a major role, with a multitude of manufacturers competing for excellence and market dominance. What happens if such a crucial hardware feature suddenly becomes a source of mobile security threats? Something like this happened in recent years with the revelation of an Android camera security threat.
Your smartphone camera can be the source of major data and privacy breaches. The camera system can stealthily expose your personal data without giving you an inkling of what is happening behind the scenes. Recently, an organization named Checkmarx Security Research unearthed this fact by scrutinizing some leading Android devices and camera apps. The team of experts monitored apps that can control and run the device camera and abuse user data stealthily. For an Android app development company, this is an alarming finding, because the camera apps of many leading smartphone vendors within the Android ecosystem are equally responsible for such data breaches.
In this blog post, we explain the key risk factors and vulnerabilities and the ways users can safeguard themselves against such risks. But first, we need to evaluate what is at stake with such security vulnerabilities and threats.
The security firm Checkmarx discovered a lethal bug that allows total control over the phone camera: a rogue app, by maneuvering permissions, can take pictures and videos stealthily and send them to other apps. Needless to say, while all this happens with the device camera, users have no clue about it. According to Checkmarx, this same security flaw leaves the device vulnerable to the point that an attacker can stealthily grab the user's images.
Checkmarx security experts brought these security flaws to attention and alerted both Google and Samsung, and both companies admitted to the presence of a bug responsible for such security loopholes. Following this alert, Google released a security patch for the bug last July. The Google Camera application in the Play Store received an update specifically to address this flaw.
Samsung also stated that it had already released patches to deal with this security and privacy issue. After releasing the security patch, the company asked everyone to keep their devices updated to get the latest security protection.
Now that we know about this finding, it is important to understand how all this could actually happen or, more precisely, how the security experts at Checkmarx uncovered the flaws. Here we will try to get to the bottom of it.
According to the experts, the exploitation of storage and user data was carried out by using the bug to maneuver around the user's permissions. The storage permission requested by most applications is the root of the problem. When an app asks for such a simple permission, it hardly arouses any suspicion of data theft. But just by accessing the storage, these apps can easily grab hold of the user's images and other content of their choosing.
Let's look at how an attacker can actually launch such an attack. The attack vector consists of a few steps. It starts with the development and launch of a rogue app that, after being downloaded and granted storage permission, can gradually force data breaches. The rogue app asking for this permission can be a game app, an entertainment app or an app of any other category.
The attackers release a rogue app with simple features. Such apps can belong to a wide variety of categories or niches. From a simple calculator to a mobile game to a weather app, a rogue app can be of any niche and character. The attacker first needs users to download this malicious app. The app then starts accessing all the photo and video files from the device's camera app.
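A defender-side check for the pattern described above, added here as an example and not taken from Checkmarx's research or any vendor's code: it parses decoded AndroidManifest.xml files and flags apps that request storage permission without the camera permission, since storage access alone is enough to reach the photos and videos the camera app saves. The manifests, package names and verdict labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
STORAGE = {"android.permission.READ_EXTERNAL_STORAGE",
           "android.permission.WRITE_EXTERNAL_STORAGE"}
CAMERA = "android.permission.CAMERA"

def manifest(package, *perms):
    """Build a constructed sample manifest (not taken from a real app)."""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'{uses}<application/></manifest>')

# Constructed samples: hypothetical package names.
SAMPLES = [
    manifest("com.example.calculator", "READ_EXTERNAL_STORAGE", "INTERNET"),
    manifest("com.example.camera", "CAMERA", "WRITE_EXTERNAL_STORAGE"),
    manifest("com.example.notes", "VIBRATE"),
]

def requested_permissions(manifest_xml):
    """Return (package, set of permission names) from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(f"{{{ANDROID_NS}}}name")
            if name:
                perms.add(name)
    return root.get("package", "<unknown>"), perms

def audit(manifest_xml):
    """Classify how an app can reach photos and videos on shared storage."""
    package, perms = requested_permissions(manifest_xml)
    storage = sorted(perms & STORAGE)
    if not storage:
        verdict = "no-media-access"
    elif CAMERA in perms:
        verdict = "camera-and-storage"   # expected for a real camera app
    else:
        verdict = "storage-only"         # can read camera output; review it
    return {"package": package, "storage": storage, "verdict": verdict}

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(audit(xml_text))
```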
If you think the real implications of such data breaches are limited to unsolicited access to photos and videos, you are terribly underestimating the threat. The Checkmarx researchers showed how the downloaded malicious app can also detect calls by tracking the device's proximity sensor. When a call is detected, the app can use its granted access to record a video that captures the voices on both sides.
The implications of the threat are also not limited to Pixel phones but extend to the entire Android ecosystem. So, any device using the Android operating system is vulnerable to such attacks and security breaches. Samsung also found this observation credible.
The only hope is that, as soon as Google was notified about the security issue, it promptly released the security patch and made it available to all stakeholders. When contacted, almost all leading vendors acknowledged the issue, and a few of them, including Samsung, made independent inquiries and tried to address it on their own. If you are going to hire a mobile app developer for an Android photo app, this is one area you need to take cognizance of.
In spite of the proactive measures now being taken by Google and other companies, security threats of this sort are not going away anytime soon. With a multitude of smartphone devices making up the Android ecosystem, there is a possibility that millions of phones have already been hit by such attacks. Moreover, the same attacks can always be recreated on a bigger scale.
WRITTEN BY: Atman Rathod
Atman Rathod is the Founding Director at CMARIX Technolabs Pvt. Ltd., a leading web and mobile app development company with 17+ years of experience. Having…