Security firm Checkmarx has discovered a security flaw that allows hackers to access an Android phone’s camera and photo library even when the apps are closed. The bug presented a threat to hundreds of millions of users.
During access, hackers are able to remotely take photos, record video, track location and listen in on conversations the phone-user is having.Thanks to the phone’s internal proximity sensor, hackers are even able to detect when the phone nears the user’s face. All of this takes place in the background with the phone-user left completely unaware.
Checkmarx discovered the flaw by creating a malicious weather app that didn’t require any permissions besides “storage space” – an often harmless request all smartphone users are used to receiving. “A malicious app running on an Android smartphone that can read the SD card,” director of security research at Checkmarx Erez Yalon explained in a statement to Forbes. “Not only has access to past photos and videos, but with this new attack methodology, can be directed to take new photos and videos at will.”
Currently, Google and Samsung phones are the most at risk for the attack, but Checkmarx has noted that other phone makers should also be concerned. Both Google and Samsung have confirmed the bug and have issued a patch since the initial findings in July. Android users are encouraged by the companies to always install new software updates to ensure protection.
Elsewhere in tech, Samsung has announced a special edition Star Wars Galaxy Note10+.