Android Camera Service Background Access Vulnerability Allowing Privilege Escalation

Vulnerability

A permissions bypass vulnerability has been identified in the CameraService component of Android, specifically within the file CameraService.cpp. This vulnerability allows applications to access the camera from the background, which could lead to unauthorized use of the camera. The issue arises from improper handling of camera permissions, enabling apps to retain camera access even when they are not in the foreground. Exploitation of this vulnerability could result in local escalation of privileges, as it allows apps to bypass normal permission restrictions and gain elevated access to system resources or user data.

Impact

Exploitation of this vulnerability could lead to unauthorized background access to the camera, allowing applications to capture images or video without the user's knowledge. This could be used for malicious purposes, such as spying or recording sensitive information.

Reproduction

To reproduce this vulnerability, an application must be granted camera permissions and then moved to the background. The CameraService will not properly revoke access, allowing the app to use the camera while it is not in the foreground. This can be tested with video conferencing applications like Zoom, which may inadvertently access the camera without user awareness.

Remediation

Users can update their devices to the May 2025 security patch level to address this vulnerability.
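
As an added example (not part of the original advisory or of Android's code), the following shell script triages device security patch levels against the May 2025 level named above. It relies on the `ro.build.version.security_patch` property format (YYYY-MM-DD); the device names and levels are constructed, and treating any level dated 2025-05 or later as patched is an assumption, since the advisory does not say which May 2025 patch string carries the fix.

```shell
#!/bin/sh
# Added example: triage Android security patch levels against the May 2025
# level named in the advisory. Device names and levels below are constructed.

REQUIRED_YM=202505   # May 2025; assumption: any 2025-05-xx level has the fix

# patch_status LEVEL -> prints patched | vulnerable | unknown
# LEVEL is the value of ro.build.version.security_patch (YYYY-MM-DD).
patch_status() {
    case "$1" in
        2[0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
        *) echo unknown; return 0 ;;   # missing or malformed: do not trust
    esac
    ym=$(printf '%s' "$1" | cut -c1-4,6-7)   # 2025-05-01 -> 202505
    if [ "$ym" -ge "$REQUIRED_YM" ]; then echo patched; else echo vulnerable; fi
}

# audit_inventory: read "DEVICE LEVEL" lines on stdin, print a verdict per
# device, return non-zero if any device is not confirmed patched.
audit_inventory() {
    rc=0
    while read -r device level; do
        [ -n "$device" ] || continue
        status=$(patch_status "$level")
        printf '%s %s %s\n' "$device" "${level:-none}" "$status"
        [ "$status" = patched ] || rc=1
    done
    return "$rc"
}

# Constructed inventory; the last device reported no patch level at all.
sample_inventory() {
    printf '%s\n' 'lab-phone-1 2025-05-01' 'lab-phone-2 2025-04-05' \
                  'lab-tablet-1 2025-06-05' 'lab-phone-3'
}

# Live input instead of the sample (assumes adb and authorised devices):
#   adb devices | awk 'NR>1 && $2=="device"{print $1}' | while read -r s; do
#     echo "$s $(adb -s "$s" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')"
#   done | audit_inventory

sample_inventory | audit_inventory || echo "some devices still need the May 2025 update"
```

Devices that report no patch level, or a malformed one, are classed as unknown and counted as not confirmed patched.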

Added: Sep 4, 2025, 6:53 PM
Updated: Sep 4, 2025, 6:53 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.7
remediation: 0.0
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.