Bug in Firefox for Android allows camera and microphone live stream if device is locked

Подписаться 392 тыс.

Просмотров 11 тыс.

50% 1

I demonstrated a bug in Firefox for Android reported in 2019 that lets device camera and microphone active even though the app is not used (in the background) or device is locked.
In my test, when I killed running Firefox, the stream was disconnected after 4 minutes and even survived locked screen. After killing the app it was lagging but still streaming without user knowledge.
This bug can't be misused remotely however, in the hypothetical attack scenario it could be used as Stalkerware/Spouseware since, physical access to device is necessary.
Original bug report: bugzilla.mozilla.org/show_bug...
ZDNet: www.zdnet.com/article/firefox...
(0:00): Firefox Android issue
(1:15): Vulnerability demo
(3:51): Impact
(4:30): Tips
#Android #Firefox #BugBounty

Наука

Опубликовано:

1 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 27

@mobilehacker 4 года назад

(0:00): Firefox Android issue (1:15): Vulnerability demo (3:51): Impact (Stalkerware scenario) (4:30): Tips

@mdchannel7154 3 года назад

Bother how hack in girl friend mobile

@TechTalkHops 4 года назад

breach is demonstrated beautifully. thank u

@mobilehacker 4 года назад

Thanks! I tried to make is as clear as possible for viewers to understand the privacy concerning impact ✌

@gauravthakur9259 3 года назад

😍big fan of u bro.. Lots of love from India 😊

@legend-uy1th 3 года назад

Thanks sir

@unkonw9621 4 года назад

Love it

@uttarkhandcooltech1237 4 года назад

Wowowo nice

@EdduMota 4 года назад

Have you tested Firefox focus? Will we get the same result? This vulnerability is critical and is not acceptable to only fix in October

@EdduMota 4 года назад

I just checked Firefox Focus does not seem to have camera and microphone permission. Might be a better choice

@mobilehacker 4 года назад

@@EdduMota Thanks for the update! I havent tested it, however if it doesnt have these permissions the it shouldn't be vulnerable

@nonasuomynona1734 4 года назад

Good that I use brave. Nice voice like I'm listening to ASMR

@chaitanyakush 4 года назад

what if you press "force stop" in settings. I think it will be good solution for this. I use greenify to force stop all apps after use.

@mobilehacker 4 года назад

Force stop should have the same result as killing the app in recent apps.

@raghav265 4 года назад

@@mobilehacker no it doesn't. Go ahead and try it. Removing app from recents DOES NOT kill the app process. I don't know why this guy is saying that.

@chaitanyakush 4 года назад

@@mobilehacker force stop is not equal to clear from recent app list.

@michalsafranko2833 4 года назад

But this wouldn't work on Android 9+, right?

@mobilehacker 4 года назад

Just tested it on Pixel 4, Android 10. I achieved the same results - even when the Firefox process was killed.

@michalsafranko2833 4 года назад

@@mobilehacker Hmm, really weird. I thought that's not possible on Android 9+, at least not without a persistent notification.

@maxgame231 3 года назад

im using uc.mini

@user-dv1hh9sw9s 3 года назад

Can you make an Arabic translation for us?

@raghav265 4 года назад

Why are you saying removing from recents menu "kills" the app? If you know android, you would know removing from recent apps doesn't kill the process unless you activate the option from developer settings. To "kill" the app, simply go to recents, tap n hold the app, go to app info and force stop from there. That will instantly kill the process and will stop all this background video recording.

@mobilehacker 4 года назад

Yes, force stop from the context menu would immediately kill the process, but I am not sure how many Android users does do that manually after closing their browser instead of removing it from the recent apps menu.