Israeli cyber-researchers find flaws in Google, Samsung camera apps

Researchers at cybersecurity firm Checkmarx say hackers able to seize control of camera app and take photos, eavesdrop; Google has issued a fix

By Shoshanna Solomon

You will receive email alerts from this author. Manage alert preferences on your profile page

You will no longer receive email alerts from this author. Manage alert preferences on your profile page

19 November 2019, 5:21 pm Edit

Shoshanna Solomon was The Times of Israel's Startups and Business reporter

Researchers at Israeli cybersecurity firm Checkmarx say they have found vulnerabilities in the smartphone camera apps of Google and Samsung, which enables hackers to take control of the app and record videos, take photos, eavesdrop on conversations, and identify GPS coordinates of the users.

The researchers also found that certain attack scenarios also allowed malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, the researchers said in a blog post.

“The ability for an application to retrieve input from the camera, microphone, and GPS location is considered highly invasive,” the researchers said.

Upon its discovery, Checkmarx alerted Google of its findings, and the firm has taken steps to fix the flaw, the blog said.

“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure,” Google said in a statement, reported by the Checkmarx blog. “The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”