Security firm Checkmarx has discovered a major new vulnerability on the Android platform that could pose a great threat to the users. Apparently, this bug allows any rogue app to simply take control of your microphone and camera without acquiring prior permissions.
However, customers should be relieved for now knowing that this vulnerability cannot yet access the recorded files from your camera or microphone. But theoretically, the app can easily retrieve storage permissions to push the contents onto a third-party cloud server.
It is added that this bug can theoretically read GPS locations from your photos and videos, which is a privacy nightmare for any user. Further, this vulnerability is also found to provide the ability to “List and download any JPG image or MP4 video stored on the phone’s SD card”.
Fortunately, the security firm notes that Google has already fixed this bug on its Pixel devices with a patch back in July. Samsung is the second manufacturer that appears to have patched this particular bug. This means that there are still plenty of other devices that are vulnerable to this bug right now. Keeping this in mind, it is hoped that this report could encourage other manufacturers to start sending out patches for their devices if required.
Given the vast nature of the Android platform, it’s nearly impossible to control every aspect. However, it was widely believed that Google has built a robust security system within Android to protect against malware. Cases like this prove that mobile security is a never-ending process.
It is worth pointing out that Checkmarx created a rogue app of its own to demonstrate how this vulnerability works, so users are relatively safe right now.
Via: Ars Technica