Researchers from security firm Checkmarx discovered the vulnerability, with the investigation report published earlier this week. According to the report, the vulnerability made it easy to circumvent Android’s permisison requests. This allows hackers to access a phone’s camera and microphone with ease. This is compounded with the fact that storage permission is one of the most commonly requested by apps, and just as commonly granted. GPS data can then be gleamed from photos or videos taken by hackers.
For what it’s worth, it can be obvious when someone is hijacking your phone’s camera app. This is because the hacker will still have to run the camera app to take pictures or videos, even if remotely. With that, you’ll immediately know something is up if the hacker decided to do their thing while you’re actually looking at your phone’s screen. Google sent out an update to patch this vulnerability back in July. Samsung has reportedly done the same for its camera app, but it’s unclear when that happened. As of now, it’s unclear of any other manufactureres have addressed this issue. (Source: Checkmarx via Ars Technica)
