Android Users: Check Now to See If a Rogue App Can Control Your Phone’s Camera

Posted on by

According to research by security researchers Checkmarx, some Android devices may have an unpatched security flaw that the app can use to record you without your knowledge using your device’s camera and microphone.

Fortunately, no attacks have been reported using this bug so far. However, Checkmarx researchers were able to successfully create and execute commands that could remotely record phone calls; take photos, videos and audio; access to GPS metadata from photos; and even check if the phone is facing downward – this means that one day hackers can create their own smart attacks on devices that are running a generic version of the device’s standard camera applications.

Earlier this year, Google and Samsung released fixes for the affected smartphones, but a report from Checkmarx says many other Android smartphones may still be affected. Fortunately, there are ways to check if your device is fixed.

Check for the error on Pixel phones

Pixel users can easily check for a patch: just open your device’s settings, then go to Apps & Notifications> See All Apps> Camera> More> App Info to open the app’s page in the Google Play Store … If the app has been updated since July 2019, you are not aware of anything.

Check for error on other Android devices (manually)

If you’re not sure if your smartphone manufacturer has released an update for your phone’s camera app that fixes this bug, one way to find out is to try to exploit the bug yourself (which belongs to Ars Technica ).

You’ll need:

  • PC (works on Windows, Mac and Linux).
  • Your Android device.
  • USB cable to connect them.

Once you have these materials, you need to do the following:

  1. First, you need to install and configure ADB tools on your PC. All the necessary files and instructions for installing ADB for your PC’s OS can be found on the XDA developer forums .
  2. After installing and configuring ADB, connect your Android phone to your computer using a USB cable. Then we will try to use codes to force the phone to take videos and photos without accessing the phone’s camera app.
  3. Open your PC’s command terminal. On Windows: Press Windows Key + R, then type cmd and click Run. Mac: Press Command + Space to open Finder, then type Terminal and double-click the Terminal icon to launch it.
  4. In a command prompt window, run the following commands one by one:

adb shell am start-activity -ncom.google.android.GoogleCamera/com.android.camera.CameraActivity —ezextra_turn_screen_on true -a android.media.action.VIDEO_CAMERA —ezandroid.intent.extra.USE_FRONT_CAMERA true

Later:

adb shell am start-activity -ncom.google.android.GoogleCamera/com.android.camera.CameraActivity —ezextra_turn_screen_on true -a android.media.action.STILL_IMAGE_CAMERA —ez android.intent.extra.USE_FRONT_CAMERA true —eiandroid.intent.extra.TIMER_DURATION_SECONDS 3

Open your phone camera app and go to your photo / video library to check if the commands are working. If you find a new photo or video, then the error is present on your device.

If you haven’t updated the camera app on your device for a while, try checking the Google Play store for updates. After you’ve installed everything that is available for the default camera app on your phone, try the above ADB commands again. If they still work, you should report the problem to your device manufacturer as soon as possible. Also, stay away from unknown camera, video or audio recording apps as this is the most likely method for hackers to insert malicious code into your device and take some photos.

More…

0
Android

Leave a Reply