var advanced_ads_pro_visitor_conditions = {"referrer_cookie_name":"advanced_ads_pro_visitor_referrer","referrer_exdays":"365","page_impr_cookie_name":"advanced_ads_page_impressions","page_impr_exdays":"3650"};
var essb_settings = {"ajax_url":"https:\/\/www.lightstalking.com\/wp-admin\/admin-ajax.php","essb3_nonce":"311a2eb85b","essb3_plugin_url":"https:\/\/www.lightstalking.com\/wp-content\/plugins\/easy-social-share-buttons3","essb3_stats":true,"essb3_ga":false,"essb3_ga_ntg":false,"blog_url":"https:\/\/www.lightstalking.com\/","post_id":"441415"};
If you’re running Android on your phone, you might want to read up – and update your OS.
Photo by FOX from Pexels.
That’s because there’s an exploit running wild that lets hackers take control of your phone’s camera. Sounds like fun, doesn’t it?
Moreover, Google says that this issue could possibly impact “hundreds of millions” of phones so it isn’t some small issue, either.
In fact, it might be one of the bigger privacy infringements ever on the Android platform which makes it a code red update for many of us that value the integrity of your smartphone’s security features.
Forbes reports that the web security research firm Checkmarx discovered the exploit back in July, PetaPixel reports. What took them so long to announce it?
Apparently the firm was working with Google and Samsung on a patch for the flaw and waited to go public with their findings until that could be done.
That makes some sense, especially given how many phones are impacted, but that also means that there was quite a bit of time between then and now for hackers to gain control of your Android phone’s camera.
Checkmarx’s Erez Yalon said, “A malicious app running on an Android smartphone that can read the SD card not only has access to past photos and videos, but with this new attack methodology, can be directed to take new photos and videos at will.”
To make sure it all worked as described, Checkmarx created a fake weather app and installed it on a phone and then demonstrated how the app used the exploit to take control of the camera – even when it was not in use – as well as record calls, take pictures and video, access archived files, and even get the GPS tags from photos that were taken.
That’s quite concerning and a huge breach of user privacy but there is a silver lining to all of this.
Google says that, if you have maintained your update schedule on your phone, it should be fine and the patch is already applied to your phone.
If you’re like this author and you hold off on updates, you might want to go on ahead and explore that option as soon as possible.
Do you own an Android phone? Have you been lax in your updates? Let us know your thoughts in the comments below.
Also, be sure to check out some of our other photography news articles on Light Stalking by clicking here.
Kehl is our staff photography news writer since 2017 and has over a decade of experience in online media and publishing and you can get to know him better here and follow him on Insta.
var advanced_ads_cookies = {"cookie_path":"\/","cookie_domain":""};
var advadsCfpInfo = {"cfpExpHours":"3","cfpClickLimit":"3","cfpBan":"7","cfpPath":"","cfpDomain":"www.lightstalking.com"};
var beloadmore = {"url":"https:\/\/www.lightstalking.com\/wp-admin\/admin-ajax.php","query":{"post__not_in":[441415],"category_name":"news","posts_per_page":3}};
var tve_dash_front = {"ajaxurl":"https:\/\/www.lightstalking.com\/wp-admin\/admin-ajax.php","force_ajax_send":"1","is_crawler":"","recaptcha":[],"post_id":"441415"};
var TVE_Ult_Data = {"ajaxurl":"https:\/\/www.lightstalking.com\/wp-admin\/admin-ajax.php","ajax_load_action":"tve_ult_ajax_load","conversion_events_action":"tve_ult_conversion_event","shortcode_campaign_ids":[],"matched_display_settings":[],"campaign_ids":[],"post_id":441415,"is_singular":true,"tu_em":"","evergreen_redirects":[]};
(function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async=true;; po.src = 'https://www.lightstalking.com/wp-content/plugins/easy-social-share-buttons3/lib/modules/conversions-pro/assets/share-conversions-tracker.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();(function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async=true;; po.src = 'https://www.lightstalking.com/wp-content/plugins/easy-social-share-buttons3/assets/modules/pinterest-pro.min.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();(function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async=true;; po.src = 'https://www.lightstalking.com/wp-content/plugins/easy-social-share-buttons3/assets/modules/subscribe-forms.min.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();(function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async=true;; po.src = 'https://www.lightstalking.com/wp-content/plugins/easy-social-share-buttons3/assets/js/essb-core.min.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();
var essb_handle_stats = function(oService, oPostID, oInstance) { var element = jQuery('.essb_'+oInstance); var instance_postion = jQuery(element).attr("data-essb-position") || ""; var instance_template = jQuery(element).attr("data-essb-template") || ""; var instance_button = jQuery(element).attr("data-essb-button-style") || ""; var instance_counters = jQuery(element).hasClass("essb_counters") ? true : false; var instance_nostats = jQuery(element).hasClass("essb_nostats") ? true : false; if (instance_nostats) { return; } var instance_mobile = false; if( (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i).test(navigator.userAgent) ) { instance_mobile = true; } if (typeof(essb_settings) != "undefined") { jQuery.post(essb_settings.ajax_url, { 'action': 'essb_stat_log', 'post_id': oPostID, 'service': oService, 'template': instance_template, 'mobile': instance_mobile, 'position': instance_postion, 'button': instance_button, 'counter': instance_counters, 'nonce': essb_settings.essb3_nonce }, function (data) { if (data) { }},'json'); } }; var essb_log_stats_only = function(service, postId, position) { var instance_mobile = false; if( (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i).test(navigator.userAgent) ) { instance_mobile = true; } if (typeof(essb_settings) != "undefined") { jQuery.post(essb_settings.ajax_url, { 'action': 'essb_stat_log', 'post_id': postId, 'service': service, 'template': position, 'mobile': instance_mobile, 'position': position, 'button': position, 'counter': false, 'nonce': essb_settings.essb3_nonce }, function (data) { if (data) { }},'json'); } };
let ccwpDOMLoaded=!1;
let ccwp_loaded = false;
let resources_length=0;
let resources =undefined;
let is_last_resource = 0;
ccwpUserInteractions=["keydown","mousemove","wheel","touchmove","touchstart","touchend","touchcancel","touchforcechange"];
ccwpUserInteractions.forEach(function(e){
window.addEventListener(e,calculate_load_times);
});
function calculate_load_times() {
// Check performance support
if (performance === undefined) {
console.log("Performance NOT supported");
return;
}
// Get a list of "resource" performance entries
resources = performance.getEntriesByType("resource");
if (resources === undefined || resources.length <= 0) {
console.log("NO Resource performance records");
}
if(resources.length){
resources_length=resources.length;
}
for(let i=0; i < resources.length; i++) {
if(resources[i].responseEnd>0){
is_last_resource = is_last_resource + 1;
}
}
let uag = navigator.userAgent;
let gpat = /Google Page Speed Insights/gm;
let gres = uag.match(gpat);
let cpat = /Chrome-Lighthouse/gm;
let cres = uag.match(cpat);
let wait_till=300;
let new_ua = "Mozilla/5.0 (Linux; Android 11; moto g power (2022)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Mobile Safari/537.36";
let new_ua2 = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36";
if(gres || cres || uag==new_ua || uag==new_ua2){
wait_till = 3000;
}
if(is_last_resource==resources.length){
setTimeout(function(){
console.log("ccwpTriggerDelayedScripts timeout : "+wait_till);
ccwpTriggerDelayedScripts();
},wait_till);
}
}
window.addEventListener("load", function(e) {
console.log("load complete");
setTimeout(function(){
calculate_load_times();
},100);
});async function ccwpTriggerDelayedScripts() {
if(ccwp_loaded){ return ;}
ccwpPreloadStyles();
ccwpPreloadDelayedScripts();
ccwpLoadCss();
ccwpScriptLoading();
ccwp_loaded=true;
}
function ccwpPreloadStyles() {
let e = document.createDocumentFragment();
var cssEle = document.querySelectorAll("link[rel=ccwpdelayedstyle]");
for(let i=0; i <= cssEle.length;i++){
if(cssEle[i]){
cssEle[i].href = removeVersionFromLink(cssEle[i].href);
let r = document.createElement("link");
r.href = cssEle[i].href;
r.rel = "preload";
r.as = "style";
e.appendChild(r);
}
}
document.head.appendChild(e);
}
function ccwpPreloadDelayedScripts() {
var e = document.createDocumentFragment();
document.querySelectorAll("script[type=ccwpdelayedscript]").forEach(function(t) {
var n = removeVersionFromLink(t.getAttribute("src"));
if (n) {
t.setAttribute("src", n);
var r = document.createElement("link");
r.href = n, r.rel = "preload", r.as = "script", e.appendChild(r)
}
}), document.head.appendChild(e)
}
function ccwpScriptLoading(){
var jsEle = document.querySelectorAll("script[type=ccwpdelayedscript]");
jsEle.forEach(function(t) {
t.type = "text/javascript";
if(t.src)
{
t.src = removeVersionFromLink(t.src);
}
});
}function ccwpLoadCss(){
var cssEle = document.querySelectorAll("link[rel=ccwpdelayedstyle]");
for(let i=0; i <= cssEle.length;i++){
if(cssEle[i]){
cssEle[i].href = removeVersionFromLink(cssEle[i].href);
cssEle[i].rel = "stylesheet";
cssEle[i].type = "text/css";
}
}var cssEle = document.querySelectorAll("style[type=ccwpdelayedstyle]");
for(let i=0; i <= cssEle.length;i++){
if(cssEle[i]){
cssEle[i].type = "text/css";
}
}
}
function removeVersionFromLink(link)
{
if(ccwpIsValidUrl(link))
{
const url = new URL(ccwpFormatLink(link));
url.searchParams.delete("ver");
url.searchParams.delete("time");
return url.href;
}
else{
return link;
}
}
function ccwpIsValidUrl(urlString)
{
if(urlString){
var expression =/[-a-zA-Z0-9@:%_\+.~#?&//=]{2,256}\.[a-z]{2,4}\b(\/[-a-zA-Z0-9@:%_\+.~#?&//=]*)?/gi;
var regex = new RegExp(expression);
return urlString.match(regex);
}
return false;
}
function ccwpFormatLink(link)
{
let http_check=link.match("http:");
let https_check=link.match("https:");
if(!http_check && !https_check)
{
return location.protocol+link;
}
return link;
}
2 Comments
Makes me glad I kept up with updates even when they come at inconvenient times.
That’s one advantage! Thanks for the comment Martin 🙂