Checkmarx’s security team is well known for identifying vulnerabilities in security, some of their notable discoveries include Tinder and Amazon’s Alexa. The security research team at Checkmarx recently identified vulnerabilities in Samsung and Google smartphones, and it has the potential to affect hundreds of millions of users. When the research team started researching the camera app on Pixel 2XL and Pixel 3, they discovered several vulnerabilities, and these issues were identified when an attacker was allowed to bypass user permission. The rogue application was able to capture inputs from microphones, GPS, and camera even when the user is in a remote location.
Android Open Source Project (AOSP) has a few sets of permissions that applications must request for the user to make use of the application. Checkmarx’s researchers created an attack scenario where Google’s camera app was abused to bypass permissions. A malicious app was made, and it exploited the commonly used request permission, which is storage access. The app not only has access to stored videos and photos but with this new method, one can direct the app to click new pictures and record videos. The latest version of the camera app by Samsung and Google is protected from these scenarios, and updating to the latest version of Android OS will fix these issues for others.