Not one to allow Facebook to come forward, Google has revealed a vulnerability in Android that made it possible for hackers to hijack your camera and secretly take photos and capture footage – even when the phone is locked or the screen is off.  The error discovered by Checkmarx researchers stems from permissions bypass problems in the Google Camera app. The problem (filed under CVE-2019-2234) affected Pixel phones, but further spread to devices from Samsung and other manufacturers.
" n an attacker can control an application to take photos and / or record videos through a fraudulent application that does not have permissions," the researchers wrote. "We've also found that certain attack scenarios allow malicious participants to bypass different storage permissions rules, giving them access to stored videos and photos, as well as GPS metadata embedded in photos to find the user by taking a photo or video and analyze correct EXIF data. ”
The security firm showed evidence of the attack in a video uploaded to YouTube.
Google has since confirmed the release. , thank the researchers for their work. The good thing is that the glitch is already ironed out.
" We appreciate Checkmarx paying attention and working with Google and Android partners to coordinate disclosure," the company said in a statement. "The issue was resolved on the affected Google devices by updating the Play Store to the Google Camera app in July 2019. The package was also provided to all partners."
However, Google Project Zero researchers may need to take a break from finding iOS bugs to arrange their own security woes so others don't have to.