Android OS loophole allows secret photos to be taken
Posted by: Jon Ben-Mayor on 05/27/2014 06:28 AM
[
Comments
]
A security researcher recently discovered an exploitable flaw in the Android operating system which allows photos to be snapped without the user knowing.
According to Sidor, “The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.” Sidor has since uploaded a video demonstrating the exploit, and has also notified Google about the flaw.
Sidor follows up by saying; if you are as disturbed by this find as I am you will start asking what can we do to avoid such situations. The bad news is that it's kind of a cat and mouse game - no matter how hard you try attackers can find more ways to obfuscate malicious activity. The good news is there are some ways that seem (at least given my current knowledge hard to circumvent:
-Pay attention to permissions (for example does Simple Notepad* really need access to your camera?)
-Keep your Google Account secure - if somebody can access your Google account they can install apps on your phone remotely without you approving it! Set up two step verification. Change your password from time to time. Set up secure password.
-Uninstall unused apps.
-High battery consumption (settings -> battery), and high bandwidth (settings -> data usage) are potential culprits
-Look at the background services that are running (settings -> apps -> running) - does Simple Notepad* really require background service
-Swiping app out of application list does not switch off background services (if you want to completely switch it off go to App Info (long press app icon inside menu and drag it to app info section) and click force stop - this ensures no background services are running.
*Simple Notepad is a made up example - I am not referring to any app in particular.
According to Sidor, “The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.” Sidor has since uploaded a video demonstrating the exploit, and has also notified Google about the flaw.
Sidor follows up by saying; if you are as disturbed by this find as I am you will start asking what can we do to avoid such situations. The bad news is that it's kind of a cat and mouse game - no matter how hard you try attackers can find more ways to obfuscate malicious activity. The good news is there are some ways that seem (at least given my current knowledge hard to circumvent:
-Pay attention to permissions (for example does Simple Notepad* really need access to your camera?)
-Keep your Google Account secure - if somebody can access your Google account they can install apps on your phone remotely without you approving it! Set up two step verification. Change your password from time to time. Set up secure password.
-Uninstall unused apps.
-High battery consumption (settings -> battery), and high bandwidth (settings -> data usage) are potential culprits
-Look at the background services that are running (settings -> apps -> running) - does Simple Notepad* really require background service
-Swiping app out of application list does not switch off background services (if you want to completely switch it off go to App Info (long press app icon inside menu and drag it to app info section) and click force stop - this ensures no background services are running.
*Simple Notepad is a made up example - I am not referring to any app in particular.
Comments
