Yes, smartphone cameras can be used to spy on you - if
you're not careful.
A researcher claims to have written
an Android app that takes photos and videos using a smartphone camera, even
while the screen is turned off - a pretty handy tool for a spy or a creepy
stalker.
University student Szymon Sidor claimed
in a blog post and a video that his Android app works by using a tiny
preview screen - just 1 pixel x 1 pixel - to keep the camera running in the
background.
Now that most smartphones come with
a camera (or two), and camera use is popular with apps like Instagram that
encourage photo sharing, hackers are finding sneaky ways to exploit them.
Spyware of this sort has been around
for a long time for Windows - the malware called Blackshades for example, which
hackers have used to secretly record victims with their computer's webcam.
This is the latest instance of an
Android application that can hijack a smartphone or tablet's camera for the
same devious purpose.
According to Sidor, the Android
operating system won't allow the camera to record without running a preview -
which is how Sidor discovered that he could make the preview so small that
it is effectively invisible to the naked eye.
Sidor demonstrated how the app works
in a video, using his Nexus 5 smartphone.
Sidor said his app worked so well it
was "scary":
The result
was amazing and scary at the same time - the pixel is virtually impossible to
spot on Nexus 5 screen (even when you know where to look)!
Also it
turned out that even if you turn the screen completely off, you can still take
photos, as long as the pixel is still there.
Allowing the camera to run in the
background - without an indicator in the notification bar - is
"inexcusable" and should be fixed by Google's Android team, Sidor
commented in his blog post.
Selfie spies
There are other Android spyware apps
readily available, such as mSpy, that allow snoops to access a device's
activity such as text messages, location, and even make audio recordings.
In March 2014 we reported at Naked
Security about a spyware app for Google Glass that could take photos
without the Glass display being lit.
Mike Lady and Kim Paterson, graduate
researchers at Cal Poly, in California, uploaded to Play
Store a Google Glass spyware app (disguised as a note-taking app
called Malnotes).
Google only discovered the Glass
spyware and took it down from Play Store when the pair's professor tweeted
about their research experiment.
Perhaps the researchers were wrong
to knowingly violate Google's developer policies to serve up their spyware
- but it's a warning sign that even the all-powerful Google can't completely
secure Google Play against malicious apps.
The best advice we have for Android
users still applies here and in many other examples of bad apps:
- Stick as far as possible to Google Play.
- Avoid apps that request permissions they don't need.
- Consider using an Android anti-virus that will scan apps automatically before you run them for the first time.
No comments:
Post a Comment