A vulnerability in the Google Camera application left millions of Google and Samsung smartphones open to abuse, potentially letting a malicious actor take photos, download images and video, and listen in on phone calls.

The flaw, CVE-2019-2234, is a permission bypass issue that enables real-time access to a phone through the camera application, according to a report by the Checkmarx Security Research Team. Takeover of the phone begins with the victim downloading a malicious app that requests storage access permission and that, once downloaded, creates a persistent connection to a command and control server that cannot be severed even if the app is closed, the screen is off or the phone is locked.

The Checkmarx team tested its theories on Google Pixel 2 and 3 model phones, and Samsung later confirmed that some of its devices that used the app were also susceptible to the vulnerability.
