Bug in Firefox for Android allows camera and microphone live stream if device is locked
Vložit
- čas přidán 16. 07. 2020
- I demonstrated a bug in Firefox for Android reported in 2019 that lets device camera and microphone active even though the app is not used (in the background) or device is locked.
In my test, when I killed running Firefox, the stream was disconnected after 4 minutes and even survived locked screen. After killing the app it was lagging but still streaming without user knowledge.
This bug can't be misused remotely however, in the hypothetical attack scenario it could be used as Stalkerware/Spouseware since, physical access to device is necessary.
Original bug report: bugzilla.mozilla.org/show_bug...
ZDNet: www.zdnet.com/article/firefox...
(0:00): Firefox Android issue
(1:15): Vulnerability demo
(3:51): Impact
(4:30): Tips
#Android #Firefox #BugBounty - Věda a technologie
(0:00): Firefox Android issue
(1:15): Vulnerability demo
(3:51): Impact (Stalkerware scenario)
(4:30): Tips
Bother how hack in girl friend mobile
breach is demonstrated beautifully. thank u
Thanks! I tried to make is as clear as possible for viewers to understand the privacy concerning impact ✌
😍big fan of u bro.. Lots of love from India 😊
Have you tested Firefox focus? Will we get the same result?
This vulnerability is critical and is not acceptable to only fix in October
I just checked Firefox Focus does not seem to have camera and microphone permission. Might be a better choice
@@EdduMota Thanks for the update! I havent tested it, however if it doesnt have these permissions the it shouldn't be vulnerable
Good that I use brave.
Nice voice like I'm listening to ASMR
Thanks sir
Love it
Wowowo nice
what if you press "force stop" in settings. I think it will be good solution for this. I use greenify to force stop all apps after use.
Force stop should have the same result as killing the app in recent apps.
@@mobilehacker no it doesn't. Go ahead and try it. Removing app from recents DOES NOT kill the app process. I don't know why this guy is saying that.
@@mobilehacker force stop is not equal to clear from recent app list.
But this wouldn't work on Android 9+, right?
Just tested it on Pixel 4, Android 10. I achieved the same results - even when the Firefox process was killed.
@@mobilehacker Hmm, really weird. I thought that's not possible on Android 9+, at least not without a persistent notification.
it's not a bug, it's a feature.
im using uc.mini
Can you make an Arabic translation for us?
Hi
wifi hacking on Android plz
Why are you saying removing from recents menu "kills" the app? If you know android, you would know removing from recent apps doesn't kill the process unless you activate the option from developer settings.
To "kill" the app, simply go to recents, tap n hold the app, go to app info and force stop from there. That will instantly kill the process and will stop all this background video recording.
Yes, force stop from the context menu would immediately kill the process, but I am not sure how many Android users does do that manually after closing their browser instead of removing it from the recent apps menu.
Your inst id