11/12/2023 0 Comments Google camera app play store![]() ![]() In the meantime, “anyone with anything to protect needs to update right away,” Thornton-Trump says, “if you can’t update the device due to age or a lack of manufacturer support it’s time for a new device. Google needs to do more as far as customer assurance regarding the security and confidentiality of devices running Android is concerned. The recent ‘ White Screen of Death’ problem hasn’t helped in the reputation stakes either. Like most of us, Thornton-Trump is happy that Google issued a fix and issued it quickly, but says that, based upon the severity and comprehensive nature of the vulnerabilities, “it’s time for Google to apply perhaps some of the “ Project Zero” capability to dig deeply into the Android OS itself.” There’s little doubt that the high number of Android vulnerabilities being disclosed is hurting the Android brand. “Everyone is safer today because of the great work and integrity of the Checkmarx researchers,” Thornton-Trump says. “My jaw dropped when I read this report about just how vulnerable the camera app was,” Thornton-Trump says, “it did not sound like a vulnerability, it sounded more like an Advanced Persistent Threat (APT) actor with fully-featured spyware.” Indeed, Thornton-Trump observed that had the security researchers been wearing black hats they could easily have monetized this research for hundreds of thousands of dollars. I asked Ian Thornton-Trump, a cyber threat intelligence expert and CompTIA global faculty member, for his take on the seriousness of this vulnerability disclosure and how it plays into the broader smartphone security narrative. The ‘jaw-dropping’ security expert opinion Updating to the latest version of the Android operating system, ensuring you have the latest available security fixes applied, and the latest version of the camera app for your device is recommended to mitigate your risk. ![]() However, the disclosure of the vulnerabilities was delayed until both Google and Samsung had issued fixes, so if you have the latest versions of your camera app then you should be protected from this attack scenario. At the time of publication, no response had been forthcoming, but I will update this article if that situation changes. I also reached out to Samsung for a statement regarding this disclosure. A patch has also been made available to all partners." The issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application in July 2019. If you can access the listing from that link, then you're one of the lucky few countries that can. This link is to the listing on the Play Store. I contacted Google, and a spokesperson told me: "We appreciate Checkmarx bringing this to our attention and working with Google and Android partners to coordinate disclosure. As beeshyams said in their comment, the Google Camera app is not available in some regions on the Play Store. What does Google say about the camera app vulnerabilities? What instructions could be sent by the attacker, resulting in what actions? I hope you are sitting down as it’s a lengthy and worrying list. Closing the app did not close that server connection. Once the app is installed and started, it would create a persistent connection to that command and control server and then sit and wait for instructions. It came in two parts, the client app running on the smartphone and a command and control server that it connects to in order to do the bidding of the attacker. This app, however, was far from harmless. We are, after all, conditioned to question unnecessary and extensive permission requests rather than a single, common, one. ![]() By just requesting this single, commonplace permission, the app would be unlikely to set off user alarm bells. This app didn’t require any special permissions other than basic storage access. It comes with a 50-megapixel main camera, a 48-megapixel telephoto lens, a 12-megapixel ultra-wide lens, and a 10-megapixel ultra-wide selfie camera.How could an attacker exploit these Google Camera app vulnerabilities?Ĭheckmarx created a proof of concept (PoC) exploit by developing a malicious application, a weather app of the type that is perennially popular in the Google Play Store. In terms of hardware, the 7 Pro will have enhanced zoom capabilities, with up to 10x zoom, and an ultrawide lens that’s 21% wider than the one on the regular Pixel 7, and will come with autofocus as well. He also shared a quick demo of the Face unblur feature, which improves otherwise blurry portrait pictures. These include Cinematic blur, Extreme Zoom Window framing, Macro Focus lock (if auto is disabled) New zoom UI and Haptics, as well as options to choose exposure time for Night sight. The update also includes some new features, some of which were shown by Google during their fall Pixel launch event. The update comes in at 339 MB, making it a considerably large download in terms of app updates. Gigantic 339MB camera update rolling out! /3eCzls2XidĪn online post from Twitter user shares a screenshot from the Google Play Store app, which shows a new update for the Google Pixel camera app. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |