A software error in the Google Camera allowed cybercriminals to control the cameras of Android smartphones, as well as take photos and record videos even when locked, according to a study by the security company Checkmarx.
The company's Security Investigation team found several vulnerabilities in the Google Camera when analyzing a Google Pixel 2 XL and Pixel 3, derived from permission omission problems.
Among other things, it was discovered that a hacker could control the application to take photos and record videos without requiring specific permissions, even if the phone is locked, the screen turned off or when the user is in the middle of a call.
The company also explained that during the investigation it discovered that these vulnerabilities of the Google Camera also affect other smartphone providers with the Android operating system, such as Samsung, which “involves hundreds of millions of smartphone users.
Also, Checkmarx created an attack scenario to circumvent the permit policy and discovered that hackers could have access to videos and photos stored on the devices, as well as the GPS metadata associated with them.
After discovering these bugs, the security company notified Google, which confirmed that the vulnerabilities were not specific to the “Pixel†products.
For its part, Google thanked the security company for informing them about these vulnerabilities and said that the problem was solved on their affected devices through an update in the Google Camera Play Store in July 2019, which was also distributed among the affected manufacturers.
If you are reading this and have not updated your Smartphone we recommend you go immediately to the play store to download the latest updates for your phone.
That's why we recommend you always make sure you keep your mobile phone with the latest updates in all the applications you use to avoid a breach in the security of your personal data.