Android unpatched camera security flaw puts millions of users at risk

Reports are coming in regarding a recently discovered Android vulnerability that can allow hackers to activate the camera without permission.

When it comes to software patches, Google and Apple are reportedly quick to release updates to address any problems with the operating system. However, just like any updates, there is bound to be some problems that go unnoticed from a developer's standpoint. In a recent report, an unpatched flaw discovered by security researchers on some Android devices could allow hackers to control the cameras without the owner's knowledge.

It is evident that this could pose a huge problem to the safety and privacy of users. Industry experts are now urging all those with an Android device to check if the bug is present. Credit goes to the researchers from Chekmarx for discovering the camera vulnerability, as pointed out by Lifehacker. After using a specific set of commands, the team was able to gain access to the default camera app.

Once activated, hackers can potentially execute various functions that can capture videos, photos, and audio. Furthermore, other data that can be gathered included GPS metadata from images, and sensor data to determine if the mobile phone is facing up or down. Ultimately, there is even a possibility that phone calls can be recorded as well.

Earlier this year, the security flaw was first discovered on several smartphones from Google and Samsung. Nevertheless, these were promptly resolved by patches. However, Checkmarx believes that other Android devices might still be affected by the camera loophole.

A quick way to check for Pixel users is to verify when the default imaging app was last updated. This can be done via the settings menu and if the details indicate November 7, 2019, then it has been patched.

Unfortunately, the process for other Android smartphones requires a PC (Linux, Mac, Windows), a USB cable, and the device itself. The next step involves downloading ADB tools on the computer. Then after plugging the handset, users need to access the command terminal to type in a specific set of commands.

Once that's done, they can check their phone's photo/video gallery to see if anything new was added. If there are, then vulnerability is present. Thankfully, there have been no reports of this exploit affecting Android users, but it is better to be aware of this flaw.