Android 카메라 결함으로 인해 사진을 악의적으로 업로드 할 수 있음

ment 11/20 '19 posted 뉴스 IT

• 개념 증명 앱을 사용하여 CheckMarx는 앱이 닫혀 있고 화면이 꺼진 상태에서 사진을 찍을 수 있었고, 해당 사진에서 GPS 데이터를 가져오고, 양방향 전화 통화를 도청하고, 카메라 셔터를 끄고, 사진을 전송합니다. 그리고 비디오를 외부 서버로 가져오고 이미 전화에 저장된 이미지와 비디오를 가져옵니다.

• 물론 이를 위해서는 사용자가 앱에 스토리지 액세스 권한을 부여해야하지만 가장 일반적으로 제공되는 권한 중 하나입니다.

• “Google 카메라 앱을 상세하게 분석한 후 특정 작업과 의도를 조작하여 특정 권한없이 모든 애플리케이션에서 Google 카메라 앱을 제어할 수있는 방법을 찾았습니다. Checkmarx 보안 팀장 Erez Yalon은 설명했습니다.

• 그런 다음 연구원들은이 취약점에 대해 추가 공급 업체에 연락하여 자신의 카메라 앱이 취약한 것으로 확인된 삼성의 답변을 받았습니다.

• "이 문제는 영향을 받은 Google 장치에서 2019 년 7 월 Google 카메라 응용 프로그램의 Play 스토어 업데이트를 통해 해결되었습니다. 모든 파트너가 패치도 이용할 수 있게 되었다"고 Google은 연구원에 통지했습니다.

• Checkmarx의 영리한 사람들은 스토리지에 대한 액세스가 Android 앱이 요청하는 가장 일반적인 권한 중 하나이므로 이러한 취약점의 잠재적인 도달 범위는 상당할 수 있다고 지적했습니다.

Android Camera Security Vulnerability Exposed Data of Hundreds of Millions of Users [wccftech.com]

Android camera flaw allowed uploading photos maliciously [9to5google.com]

Android camera apps could be hijacked to spy on users [www.helpnetsecurity.com]

Android Camera App Bug Lets Apps Record Video Without Permission [www.bleepingcomputer.com]

Android flaw could let hackers do some clandestine photography [www.theinquirer.net]

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable [arstechnica.com]

Google Assistant on Android devices could be tricked into taking photos, videos [www.cnet.com]

How Attackers Could Hijack Your Android Camera to Spy on You [www.checkmarx.com]

Android flaw lets apps secretly record people on their phone's camera [www.businessinsider.com]

Android flaw lets rogue apps take photos, record video even if your phone is locked [www.zdnet.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

11/20 '19 answered

BREAKING: Android Camera Security Vulnerability Exposed Data of Hundreds of Millions of Users https://t.co/28o6Kr7pk7 pic.twitter.com/oAiwcI8GaS
— Juan Carlos Pedreira (@juancpedreira) November 19, 2019

A vulnerability in the Google Camera app may have allowed attackers to surreptitiously take pictures and record videos even if the phone is locked or the screen is off, Checkmarx researchers have discovered. In addition to this, att... https://t.co/WdSEs5Sv48 via @InfoSecHotSpot pic.twitter.com/4EULRLW0IP
— Sean Harris (@InfoSecHotSpot) November 19, 2019

via helpnetsecurity Android camera apps could be hijacked to spy on users https://t.co/WoZWbuzj1b
— BrianHonan (@BrianHonan) November 19, 2019

Android Camera App Bug Lets Apps Record Video Without Permission https://t.co/QEdEQwexRO
— Dwight Silverman (@dsilverman) November 19, 2019

구글의 안드로이드 카메라 앱과 삼성의 카메라 앱에서 각각 7월과 8월에 취약점이 발견, 저장소 권한을 가진 앱이 무단으로 새로운 사진이나 동영상을 찍을 수 있어서 악용하기에 따라 도청이나 위치추적이 가능하다는 것이 드러나. 구글은 이를 7월에 패치함. https://t.co/MSOymgBZlc
— 푸른곰 (@purengom) November 19, 2019

Android Camera App Bug Lets Apps Record Video Without Permissionhttps://t.co/YazNL6p6ce #cybersecurity #informationsecurity #android #bug #hackers #vaultinfosec #wevowyoursecurity
— Vault Infosec (@vaultinfosec) November 19, 2019

New: Security researchers found a vulnerability with Google Assistant permissions that allowed malicious apps to take photos and videos without you knowing https://t.co/KXcjVh4Jiq
— alfred ? (@alfredwkng) November 19, 2019

..@CNET: @Google Assistant on @Android devices could be tricked into taking photos, videos. Security researchers found a flaw through #Android's voice commands that allowed for #eavesdropping and #locationtracking. https://t.co/1UgK48CUGG #privacy #vulnerability
— David J. Chamberlin (@djchamberlin) November 19, 2019

Hijacking Android's Camera Application#MobileSecurity #AndroidSecurity by @Checkmarx https://t.co/0vNhUFJ5le pic.twitter.com/mXWe1fvPAg
— Mobile Security (@mobilesecurity_) November 19, 2019

Camera apps on Google and Samsung phones can be abused to spy on device owners

Report: https://t.co/KbuOaCLn8j

Video: https://t.co/3NHlzfaeMG pic.twitter.com/0hMZSrjE7J
— Catalin Cimpanu (@campuscodi) November 19, 2019

Android camera app bug lets apps record video without permission https://t.co/EnkxZ6OwA9
— Security Response (@threatintel) November 19, 2019

Android flaw lets rogue apps take photos, record video even if your phone is locked https://t.co/auaefzEsqd via @ZDNet & @SecurityCharlie
— Charlie Osborne (@SecurityCharlie) November 19, 2019

#Android #vulnerability lets rogue apps take photos, record video even if your phone is locked. Millions of Google and Samsung devices were vulnerable to exploit:#CyberSecurity #MobileSec https://t.co/4rCefBeORu
— Step9 Consulting (@step9consulting) November 19, 2019

Android flaw lets rogue apps take photos, record video even if your phone is locked https://t.co/8JEP02Xeed by @SecurityCharlie
— ZDNet (@ZDNet) November 19, 2019

Android flaw lets rogue apps take photos, record video even if your phone is locked https://t.co/sNNl4rkZ3l pic.twitter.com/Mh8VriRU4k
— CYBER PANDA (@Panda_Lv0) November 19, 2019

permanent link

Open Wiki - Feel free to edit it. -

11/20 '19 answered

Android Camera App Bug Lets Apps Record Video Without Permission https://t.co/H4kmtPR63F
— pankaj mishra (@pankajontech) November 20, 2019

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable | Ars Technica https://t.co/LGCSkx57cK
— Benedict Evans (@benedictevans) November 20, 2019

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable. Camera and mic could be controlled by any app, no permission required.https://t.co/YY7RplKgtM
— WhatIsMyIPAddress.com (@wimia) November 20, 2019

Vulnerability in Google's Camera app allowed 3rd party apps to take pictures and video without user knowledge or CAMERA permission.

This happened because of exported CameraActivity that accepted input from other apps. CVE-2019-2234https://t.co/y8RCqMqOX7 via @checkmarx pic.twitter.com/JoskGspuxw
— Lukas Stefanko (@LukasStefanko) November 20, 2019

Security vulnerabilities in Google/Samsung Android's Camera app. "an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so" without user awareness of course. #GDPR #ePrivacy https://t.co/hLGOI9MJIi
— Lukasz Olejnik (@lukOlejnik) November 19, 2019

Android users: How private do you think your life is? Here's an article about the camera vulnerability. Google confirmed ✅⚠️#Android #AndroidDev #securityin5wordsorless #Security #Google #mobilefun https://t.co/MUfazsxXJ8 pic.twitter.com/sUkCQYZ2i7
— Volodymyr Bloom (@VolodymyrBloom) November 20, 2019

If this were a bug in iOS, the internet would be all over it. But because it’s on Android... ? https://t.co/HEJtnF4T8G
— Jeremy Higgs (@jeremyhiggs) November 20, 2019

It's easy to forget how far we've come in security when people talk about 'alarming' issues (not the vendors' words) that essentially say: if you can install malware on a phone, you can do bad things https://t.co/EyT9Xuy2MH
— Martijn Grooten (@martijn_grooten) November 20, 2019

How Attackers Could Hijack Your #Android Camera to Spy on You | #cybersecurity #infosec #vulnerability https://t.co/FkHUxA0TJZ
— Ragesh Shanavas ???? (@rsz619mania) November 20, 2019

It's not that straightforward. You can download the full report at the end of the original article: https://t.co/kxqm49mtBB
— Pedro Umbelino (@kripthor) November 20, 2019

The android flaw lets rogue apps take photos, record video even if your phone is locked#Android #Camera #Google #Samsung #Sony #Malware #vulnerability https://t.co/6QTtU4t1RX
— HUM (@HUM1504) November 20, 2019

Android Flaw Lets Rogue Apps Take Photos, Record Video Even If Your Phone Is Locked https://t.co/Pd42EVw8Po
— Nicolas Krassas (@Dinosn) November 20, 2019

Fix released for #Android vulnerabilities which allow cyberattackers to hijack your phone camera and covertly take pictures or record video, even if your device is locked #cynersecurity #dataprotection https://t.co/oAV1XqHjMQ
— WADIFF Consulting (@wadiffconsult) November 20, 2019

#Android flaw lets rogue #apps take photos, record video even if your #phone is locked#tech #Technology #cybersecurity #security #Google $GOOGL
https://t.co/2TFG7OTydR pic.twitter.com/feE5oMDVlr
— ICE-H Investments (USA) (@ICEHInvest_USA) November 20, 2019

permanent link

Reply with curations

Related

Featured