This morning Android users around the world are waking to an announcement potentially putting their privacy at risk. In an announcement that seems all too common around the Android OS yet another security flaw has been discovered. This particular issue is based around potential to acquire unrestricted access to any Android devices camera.
Szymon Sidor recently posted a blog post exposing the latest threat to Android users. The vulnerability could potentially allow malicious applications access to get access to and use the camera for both video and photos.
Although the SDK doesn’t allow use of the camera without a preview window on the device’s screen, its seemingly possible to make this window 1 pixel wide by 1 pixel high.. Thus making it almost impossible for the end-user to see. Whats more, with the pixel on the screen – even when the device is powered off the app is still capable of capturing photo and video footage! Once the footage has been captured, the Android SDK allows quick and easy upload to websites or services, so the malicious app developer could immediately start capturing and uploading photos and video without your knowledge.
However this would should up in the data usage charts on your Android device.
Check out Szymon’s video below:
There are many guides available on the net on how to secure your Android device, there are however some simple things to remember:
- Make sure your Android device is always up to date
- Consider applications carefully that request access to your camera – do they really need access..?
- Keep an eye on apps that run in the background
- Ensure you use 2 factor authentication on your Google account
Privacy has always been somewhat of a concern around the Android OS, however, used with forethought in can be just as safe and secure as any other OS.
Now the news is out I am sure Google will be working as fast as possible to remedy this security flaw.
For a list of all current known Android Security Flaws check the CVE Details site