A dangerous security hole ( bug ) was found again. This time, there is a bug related to the Google Camera application, a camera application made by Google, which can be installed on an Android phone. Based on the party who discovered this bug, Checkmarx, security holes are known to appear in the Google Camera application on a number of Pixel phones made by Google, up to a series of Samsung devices.
Although not specified in any series of phones, Checkmarx estimates the potential number of mobile phones affected to reach hundreds of millions, the number claimed the largest at this time. In fact, the security hole, codenamed CVE-2019-2234, can allow malicious applications to enter and remotely control camera applications, from taking photos to recording videos.
Not only that, the Google Camera application that was compromised earlier can also access the user’s memory card freely, as well as monitor the user’s location based on GPS data ( location tag ) listed in a photo. Uniquely, all these activities are carried out behind the scenes quietly, without the user being aware.
Requested update Although dangerous, users do not need to worry. Because, the Google and Samsung are aware of the security hole. In fact, Google also confirmed that an update to patch the gap had been spread to mobile vendors since last July. ” This security gap has been resolved on affected Google devices through the Play Store update to the Google Camera Application in July 2019,” Google said as quoted by Forbes Thursday (11/21/2019).
“An update to patch the gap has also been available for all vendors,” he added.
Not mentioned whether Samsung has issued an update or not. However, bugs published by security agencies are usually revealed after the vendors have posted an update.
However, there is no harm in users still downloading their mobile firmware to the latest version, to ensure and protect smartphones from various security holes that can be infiltrated by various attacks. To find out more clearly how a simple application can control the camera, see the following Checkmarx video.