Researchers at Israeli cybersecurity firm Checkmarx say they have found vulnerabilities in the smartphone camera apps of Google and Samsung, which enables hackers to take control of the app and record videos, take photos, eavesdrop on conversations, and identify GPS coordinates of the users.
The researchers also found that certain attack scenarios also allowed malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, the researchers said in a blog post.
“The ability for an application to retrieve input from the camera, microphone, and GPS location is considered highly invasive,” the researchers said.
Upon its discovery, Checkmarx alerted Google of its findings, and the firm has taken steps to fix the flaw, the blog said.
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” Google said in a statement, reported by the Checkmarx blog. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
To stay safe, the blog post said, users should ensure they update all applications on their smartphone devices.