Bug in Firefox for Android allows camera and microphone live stream if device is locked
Ғылым және технология
I demonstrated a bug in Firefox for Android reported in 2019 that lets device camera and microphone active even though the app is not used (in the background) or device is locked.
In my test, when I killed running Firefox, the stream was disconnected after 4 minutes and even survived locked screen. After killing the app it was lagging but still streaming without user knowledge.
This bug can't be misused remotely however, in the hypothetical attack scenario it could be used as Stalkerware/Spouseware since, physical access to device is necessary.
Original bug report: bugzilla.mozilla.org/show_bug...
ZDNet: www.zdnet.com/article/firefox...
(0:00): Firefox Android issue
(1:15): Vulnerability demo
(3:51): Impact
(4:30): Tips
#Android #Firefox #BugBounty
Пікірлер: 27
(0:00): Firefox Android issue (1:15): Vulnerability demo (3:51): Impact (Stalkerware scenario) (4:30): Tips
@mdchannel7154
3 жыл бұрын
Bother how hack in girl friend mobile
breach is demonstrated beautifully. thank u
@mobilehacker
4 жыл бұрын
Thanks! I tried to make is as clear as possible for viewers to understand the privacy concerning impact ✌
😍big fan of u bro.. Lots of love from India 😊
Love it
Have you tested Firefox focus? Will we get the same result? This vulnerability is critical and is not acceptable to only fix in October
@EdduMota
4 жыл бұрын
I just checked Firefox Focus does not seem to have camera and microphone permission. Might be a better choice
@mobilehacker
4 жыл бұрын
@@EdduMota Thanks for the update! I havent tested it, however if it doesnt have these permissions the it shouldn't be vulnerable
Thanks sir
Wowowo nice
Good that I use brave. Nice voice like I'm listening to ASMR
what if you press "force stop" in settings. I think it will be good solution for this. I use greenify to force stop all apps after use.
@mobilehacker
4 жыл бұрын
Force stop should have the same result as killing the app in recent apps.
@raghav265
4 жыл бұрын
@@mobilehacker no it doesn't. Go ahead and try it. Removing app from recents DOES NOT kill the app process. I don't know why this guy is saying that.
@chaitanyakush
3 жыл бұрын
@@mobilehacker force stop is not equal to clear from recent app list.
But this wouldn't work on Android 9+, right?
@mobilehacker
4 жыл бұрын
Just tested it on Pixel 4, Android 10. I achieved the same results - even when the Firefox process was killed.
@michalsafranko2833
4 жыл бұрын
@@mobilehacker Hmm, really weird. I thought that's not possible on Android 9+, at least not without a persistent notification.
im using uc.mini
it's not a bug, it's a feature.
Hi
Can you make an Arabic translation for us?
Why are you saying removing from recents menu "kills" the app? If you know android, you would know removing from recent apps doesn't kill the process unless you activate the option from developer settings. To "kill" the app, simply go to recents, tap n hold the app, go to app info and force stop from there. That will instantly kill the process and will stop all this background video recording.
@mobilehacker
4 жыл бұрын
Yes, force stop from the context menu would immediately kill the process, but I am not sure how many Android users does do that manually after closing their browser instead of removing it from the recent apps menu.
wifi hacking on Android plz
Your inst id