Facebook may be the least trusted company when it comes to online privacy, but it seems like Google is vying for the top spot. The company disclosed a new Android vulnerability that essentially allowed hackers to gain access to a smartphone’s camera. That’s even when the phone is locked.
The bug was actually discovered by Checkmarx and allowed hackers to bypass app permissions. Pixel phones were specifically affected, but it seems like the issue also affects phones from Samsung and other manufacturers too.
“Our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so,” Checkmarx said in a blog post. “Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data.”
After the blog post went live, Google confirmed the existence of the bug, however, it also said that the bug is no longer present. In other words, if you have the latest security update on your phone, you don’t need to worry about hackers being able to access your camera. At least, not from this specific issue.
“The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners,” Google said in a statement to Checkmarx.
This isn’t the only bug related to camera access in recent weeks. Recently, a bug was discovered that allowed Facebook to access the iPhone’s camera in the background. After the bug was discovered Facebook released a statement saying that it had inadvertently introduced the bug when fixing another issue — and that there was no evidence of photos or videos being uploaded to Facebook because of the bug. Of course, whether that’s true or not, it doesn’t bode well for Facebook in general, which has been involved in scandal after scandal related to user privacy.