Android aficionados beware. A newly found vulnerability in Google's camera apps has let the hackers sneakily snoop into the Android devices. The vulnerability can even let the bad guys take a snap or record videos and audio even when the device screen is locked.

Erez Yalon, Director and Pedro Umbelino, Senior Security Researcher of the Security research firm Checkermax, has labelled the vulnerability as CVE-2019-2234. They have further asserted that the vulnerability was triggered to victimize Google pixel, and Samsung manufactured smartphones primarily.

Samsung Galaxy Fold set to hit stores in late April 2019.Samsung Mobile Press
Representational image: Samsung Galaxy Fold set to hit stores in late April 2019. Samsung Mobile Press

Malware disguised as genuine apps

The vulnerability has also left a plethora of Android devices unshielded. Because many of the already-installed malware disguised as genuine apps might be utilizing the vulnerability to retrieve device stored photos, videos, and pull out GPS metadata from those images. Alongside, it can also help them to turn on the device camera or microphone even when the smartphone is in standby mode.

For proving its claim, Checkermax crafted an app as a Proof of Concept (PoC), which would require only necessary permission from the user. While the client part of the malicious app runs in the user device, the app is stringed to a server part as well, which remains connected to the hackers Command-n-Control server.

Google and Samsung's rapid efforts

Once the client part starts working in the victim's device, it establishes an active connection with the other part of the app connected to the C2 server. It lets the hacker control it from any geographical location in the world.

The PoC app crafted as a weather app, and it would have passed the security gateway of Google Play Store until they disclosed the vulnerability to Google. The researchers have further praised both Google and Samsung's rapid effort to address the issue, mentioning their prompt response to address and fix the vulnerability.