Google acknowledges app bug that allowed hackers to control camera on millions of phones

“The vulnerability was found to be present in the Google Camera app and Samsung Camera app”

A major vulnerability has been found in the Android camera app on Google phones, which also affected the camera app on certain phones made by Samsung. The security firm, Checkmarx, discovered the vulnerability on both a Google Pixel 2 XL and the Pixel 3. According to the firm, the bug affected hundreds of millions of Android devices made by Google and Samsung. The firm found out that the vulnerability could be exploited to turn on the camera on the phone using any app, which doesn’t even have the necessary permissions, to record videos or click pictures. The Google Camera app and the Camera app found on Samsung’s phones were affected.

Essentially, a hacker could use the vulnerability to take control of a phone’s camera. An application could be used to turn on the camera on the device and take photos or videos. The worst part is that the victim would not know about this as the hacker could turn on the camera even with the screen off. The folks over at Checkmarx were also able to take pictures while the phone was being used to make a phone call. And if the user has enabled location access in the camera app, then the hacker could also know the location details. 

Checkmarx reported the discovery earlier this year and Google immediately took action to patch the bugs. At first, the security firm believed that the vulnerability only affected Google devices, but Google found that the issue was bigger. Later on, Samsung confirmed that its camera app had also been affected. Google said the following in an official statement;
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
No need to worry now, as the vulnerability has already been fixed by both Google and Samsung. However, it is important to know that apps must always be updated to the latest versions as bugs and patches get fixed all the time.