Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

11/20/2019
09:00 AM
50%
50%

Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones

Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.

A vulnerability in some Android phones from vendors including Google and Samsung could allow criminals to take control of hundreds of millions of users' smartphone camera apps, enabling them to take photos, record videos and audio, and deduce locations — all without users' knowledge or consent.

In a blog post Tuesday, Checkmarx researchers Erez Yalon and Pedro Umbelino described how they "cracked into the applications themselves that control these cameras to identify potential abuse scenarios." They found permission bypass vulnerabilities, designated CVE-2019-2234, initially in two Google Pixel models that could allow a malicious actor to control the camera and gain access to stored photos, videos, and GPS metadata. The unauthorized activities could be triggered, the researchers wrote, even if a phone is locked, its screen is turned off, or a person is in the middle of a call. They went on to discover other phones running the Android operating system, including those from Samsung, had the same issue.

Yalon and Umbelino provided a proof-of-concept app that demonstrated how the vulnerability could be exploited. Under responsible disclosure procedures, Checkmarx first notified Google of the vulnerability in July. Google has released a patch for its devices via the Play Store and has made the update available to all hardware partners. Samsung and other vendors were notified in mid-August and have since released fixes.

Read more here

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How Medical Device Vendors Hold Healthcare Security for Ransom."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10864
PUBLISHED: 2020-04-01
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.
CVE-2020-10860
PUBLISHED: 2020-04-01
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).
CVE-2020-10861
PUBLISHED: 2020-04-01
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.
CVE-2020-10862
PUBLISHED: 2020-04-01
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.
CVE-2020-10863
PUBLISHED: 2020-04-01
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.