by Alanna Ketler, Collective Evolution:
As handy as they are, our smartphones are literally portable tracking devices. Equipped with GPS technology, people can easily be located and for most android users a record of where they’ve been each day since they’ve had their fancy phones is stored online. If that’s not creepy enough, the microphones on our phones are also able to record our conversations because they are listening even when we don’t think they are. Finally, you know those handy front-facing cameras often used to capture the perfect selfie? Recently, researchers have revealed how this camera can be used to spy on users, who would have thought?
The security research team from Checkmarx has uncovered a major vulnerability that is affecting Google and Samsung smartphones and has a potential to impact the hundreds of millions of android users across the globe. Apparently it’s now fixed, but the researchers discovered a way for a hack attacker to take control of the front facing camera and remotely take photos, record video, listen in on your conversations and more. All happening silently in the background without your awareness.
And, although it’s important to note that the following is merely speculation, if hackers have the ability to do this, then you better believe that the NSA and other high level government agencies are able to do the same thing. This isn’t something new, Edward Snowden, NSA whistleblower, and many others like him have talked about and have explained how our phones are actually used to spy on us.
Their research began on the Google camera app on the Pixel 2XL and Pixel3 smartphones, they found a few vulnerabilities which were initiated by allowing an attacker to remotely bypass user permissions. Apparently facial recognition, fingerprint and password security, are not as secure as we’ve been led to believe.
“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx said, “making it possible for any application, without specific permissions, to control the Google Camera app. This same technique also applied to Samsung’s Camera app.”
Davey Winder, from Forbes.com explains how an attacker is able to exploit the Google Camera app vulnerabilities
Checkmarx created a proof of concept (PoC) exploit by developing a malicious application, a weather app of the type that is perennially popular in the Google Play Store. This app didn’t require any special permissions other than basic storage access. By just requesting this single, commonplace permission, the app would be unlikely to set off user alarm bells. We are, after all, conditioned to question unnecessary and extensive permission requests rather than a single, common one. This app, however, was far from harmless. It came in two parts, the client app running on the smartphone and a command and control server that it connects to in order to do the bidding of the attacker. Once the app is installed and started, it would create a persistent connection to that command and control server and then sit and wait for instructions. Closing the app did not close that server connection. What instructions could be sent by the attacker, resulting in what actions?
I hope you are sitting down as it’s a lengthy and worrying list.
Of course when Google was confronted about this alarming issue they seemed glad to hear about it so that they could fix the problem, telling Winder after he reached out,
“We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. A patch has also been made available to all partners.”
While it is great that they are enhancing their security, there is no doubt in my mind that hackers can find a way to get around the new security and in my opinion. What’s even more alarming than hackers is government agencies having the ability to turn on your camera and “check in” on you whenever they please without your permission, or your awareness.
This is literally Orwell’s 1984 coming to life! If you are unfamiliar with this book, firstly, I highly recommend it, secondly, it basically foreshadows a totalitarian government referred to as, “Big Brother” that is constantly watching and spying on the citizen’s ensuring they are following the rules set forth by the state. As Orwell writes,
“The telescreen received and transmitted simultaneously. Any sound Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever the wanted to. You had to live- did live, from habit that became instinct- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.”
and..
“He thought of the telescreen with its never-sleeping ear. They could spy upon you night and day, but if you kept your head you could still outwit them. With all their cleverness they had never mastered the secret of finding out what another human being was thinking. . . . Facts, at any rate, could not be kept hidden. They could be tracked down by inquiry, they could be squeezed out of you by torture. But if the object was not to stay alive but to stay human, what difference did it ultimately make? They could not alter your feelings; for that matter you could not alter them yourself, even if you wanted to. They could lay bare in the utmost detail everything that you had done or said or thought; but the inner heart, whose workings were mysterious even to yourself, remained impregnable.”
I’m sure there are a great number of you out there who are thinking, I’ve got nothing to hide, so who cares? This is a very passive stance, and it’s not about whether or not you are participating in illegal activities, and/or are worried about being sentenced to jail or caught by authorities, it’s about our right to privacy. As whistle-blower Edward Snowden has said, arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
Read More @ Collective-Evolution.com
Loading...