9VSA-00088-001 CSIRT warns about Android and Google camera device vulnerability

Summary

The Computer Security Incident Response Team, CSIRT, shares information about camera vulnerability on mobile devices used for Android and Google. If the vulnerability is exploited, it may result in unauthorized use of the camera to steal user data.

Vulnerability
CVE-2019-2234

Impact
A malicious application could take control of the mobile device’s camera, being able to record, take pictures and obtain location data, sending this information to the attacker’s. This vulnerability lies in the «intents» of the application. These can be used by other applications without special authorization. The malicious application can run the camera through these «intents», being able to take pictures and record audio and videos when the device is locke.

Product engaged
Samsung and Google devices using Android, in addition to Google Pixel, are affected by this vulnerability.

Mitigation
Update the Camera application to its latest version available in the Play Store.

Links

How Attackers Could Hijack Your Android Camera to Spy on You


https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2234