Android security flaw allowed unauthorized video recording
Posted: March 31,2023
On November 19, cybersecurity firm Checkmarx revealed that months earlier it had uncovered an Android flaw allowing attackers to record and access audio and video through a smartphone without the user’s knowledge. Checkmarx notified Google about the flaw in July and it has since been fixed.
However, millions of Android users were vulnerable to being recorded by cybercriminals before the flaw was corrected. No one can know today how many users were exploited through this operating system vulnerability.
The flaw, dubbed CVE-2019-2234, allowed attackers to record both video and audio through smartphone cameras without the user's knowledge and consent. Checkmarx discovered the vulnerability by developing a fake weather app to test Android phone security. Researchers found that it was possible for malicious users to disable camera shutter sounds, which meant they could turn on recording functions without alerting the user. Worse, the exploit did not require the malicious app to be open. It could be activated even when the phone was locked and the screen turned off.
In addition to video, attackers could exploit the flaw to listen in and record phone calls. It also allowed malicious apps to access data on the phone, including GPS metadata for pictures and videos. If users allowed the app to access phone data it could even upload the data to an external server.
Google corrected the flaw with a Google Play update in July. To make sure you’re protected, Make sure your camera app has been updated to the latest version.
Your email address will not be published.
While Damjan started his career in humanities, his interests quickly moved on to the tech and IT world. VPNs, antiviruses, firewalls, password managers - cybersecurity is what he knows best. When Damjan’s not losing hair over the dwindling of our collective sense of tech safety, you’ll find him looking for solace in 100-hour-long RPGs and rage-inducing MOBAs.