



Once again, another serious security bug in Android OS has been disclosed by a researcher. Szymon Sidor, a former Google employee, has found a loophole in Android that allows malicious apps to take control of a smartphone's camera and upload the images to an unknown server without the user's permission.









Like other apps, Sidor's app also shows a preview while capturing photos, but he changed the dimensions of the preview to just 1px.









As a PoC of the vulnerability, Sidor has recorded a video demonstration of the loophole; you can check the video below for further understanding.









Threats against mobile users are increasing rapidly day by day, and they mainly target Android phones. Android, owned by Google Inc., is one of the most popular mobile operating systems. We recently reported that many fake and malicious apps are present on the app store. Users download these apps without having any prior information about them.

Sidor has discussed the vulnerability on his blog, explaining that some simple code can force an Android phone to secretly capture photographs. Sidor was able to create an app that gets around Android's requirement that a preview must be displayed on a device's screen when a photo is being captured.

In other words, instead of showing the viewfinder preview feed on the phone's entire screen, Sidor's app sends the feed to just one pixel, so it is basically invisible. Since modern smartphone displays have so many pixels, one lit pixel on a full HD display packed with more than two million pixels is impossible for the user to notice, whether the screen is on or off.

The app was also able to capture other details from the device, such as battery level and even the user's current location.