A security researcher has found that by creating an app that exploits a
simple loophole in Android, he could get a device to take photos with
its camera and upload them to a remote server without user permissions.

Former Google employee Szymon Sidor has found a loophole in Android that
allows malicious apps to take control of your smartphone's cameras and
upload the images to an unknown server without you knowing it.

Sidor, who now works as a security researcher, stated on his Snacks For
Your Mind blog that he had observed numerous apps on Google Play that
were capable of taking photos secretly. Google requires an on-screen
preview for apps to take photos, but it does not set a minimum size for
that preview. Since your phone's screen has millions of pixels, you will
never spot the one that is showing the preview, as the preview can be as
small as 1 pixel. Google can close this loophole by mandating that
on-screen previews cover a certain percentage of the screen. Sidor's app
was also able to capture other details from the device, such as battery
level and even the user's current location.

Sidor recreated the loophole in a video, which you can check out below.
He ends his post with a simple request to Android’s security team:
“Please put more effort into ensuring users’ privacy.”