Yes, your smartphone camera can be used to spy on you...

Filed Under: Android, Featured, Google, Mobile, Privacy, Security threats

smartphone-camera-170Yes, smartphone cameras can be used to spy on you - if you're not careful.

A researcher claims to have written an Android app that takes photos and videos using a smartphone camera, even while the screen is turned off - a pretty handy tool for a spy or a creepy stalker.

University student Szymon Sidor claimed in a blog post and a video that his Android app works by using a tiny preview screen - just 1 pixel x 1 pixel - to keep the camera running in the background.

Now that most smartphones come with a camera (or two), and camera use is popular with apps like Instagram that encourage photo sharing, hackers are finding sneaky ways to exploit them.

Spyware of this sort has been around for a long time for Windows - the malware called Blackshades for example, which hackers have used to secretly record victims with their computer's webcam.

This is the latest instance of an Android application that can hijack a smartphone or tablet's camera for the same devious purpose.

According to Sidor, the Android operating system won't allow the camera to record without running a preview - which is how Sidor discovered that he could make the preview so small that it is effectively invisible to the naked eye.

Sidor demonstrated how the app works in a video, using his Nexus 5 smartphone.

Sidor said his app worked so well it was "scary":

The result was amazing and scary at the same time - the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)!

Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.

Allowing the camera to run in the background - without an indicator in the notification bar - is "inexcusable" and should be fixed by Google's Android team, Sidor commented in his blog post.

Selfie spies

smartphone-spycam-170There are other Android spyware apps readily available, such as mSpy, that allow snoops to access a device's activity such as text messages, location, and even make audio recordings.

In March 2014 we reported at Naked Security about a spyware app for Google Glass that could take photos without the Glass display being lit.

Mike Lady and Kim Paterson, graduate researchers at Cal Poly, in California, uploaded to Play Store a Google Glass spyware app (disguised as a note-taking app called Malnotes).

Google only discovered the Glass spyware and took it down from Play Store when the pair's professor tweeted about their research experiment.

Perhaps the researchers were wrong to knowingly violate Google's developer policies to serve up their spyware - but it's a warning sign that even the all-powerful Google can't completely secure Google Play against malicious apps.

The best advice we have for Android users still applies here and in many other examples of bad apps:

  • Stick as far as possible to Google Play.
  • Avoid apps that request permissions they don't need.
  • Consider using an Android anti-virus that will scan apps automatically before you run them for the first time.

Free download (no registration, no time-limit)...

Images of smartphone camera and phone surveillance camera courtesy of Shutterstock.

, , , , , , , , , ,

You might like

16 Responses to Yes, your smartphone camera can be used to spy on you...

  1. Josh Kirschner · 499 days ago

    "This is one of the first reported instances, however, of an app that successfully uses the smartphone camera without the user's knowledge."

    I'm a little confused by your comment. There are many spyware apps that are capable of taking photos with a phone's camera without the user's knowledge, and these spyware apps have been around for quite some time.

    I've personally tested nearly a dozen spyware apps and can confirm many have this capability (

    While an antimalware app on your phone is a wise idea, it's also been my experience, in testing antimalware apps against spyware and speaking with representatives from the major antimalware firms (including Sophos), that companies have been far too willing to classify these types of programs as "potentially unwanted apps (PUA)", rather than true malware. PUA are often excluded from the malware listings, leaving you open to spying from a malicious actor.

    • Paul Ducklin · 496 days ago

      We updated the article to take your remarks into account...thanks!

      As for Sophos and PUAs, we do classify some of these "for sale openly" spyware apps as PUAs (e.g. mSpy), but that's just a post-detection category that we display.

      We still identify and block the mSpy app, and other PUAs, as threats as soon as you try to install them, same as for any other threat (outright malware or not).

      PUA detection can be turned off separately from other threat detections, but it is _on_ by default.

  2. Serpico · 498 days ago

    Just out of curiousity, would Sophos anti virus app have picked up the above mentioned spywares in its scan?

    • Paul Ducklin · 498 days ago

      I don't think the research app was released, so there's nothing to block. As for other spyware, generally Sophos will block it, e.g. mSpy (mentioned above).

  3. Anonymous · 498 days ago

    Okay, it's Android phone.... is that mean Iphone is safe?

    • Anonymous · 497 days ago

      The only "safe" device is no device..... If you follow security at all you'd know it just a matter of time before someone finds a working hack.

    • Josh Kirschner · 437 days ago

      No. The same spyware exists for iPhones, as well (I've tested it). Though in all cases I've seen, the iPhone must be jailbroken first.

  4. SpecterTechOps · 497 days ago

    Assume if it;s tech there is someone who knows how to make it not safe regardless of manufacturer and type ie. phone, pc, apple computer, or even some smart televisions. Precaution toward paranoia is the only true protection, unfortunately.

  5. Mathias Poujol-Rost · 496 days ago

    One of the numerous reason why I don't have a "smart"-phone.

    YOU shall be smart while buying & using it.

  6. CIA · 485 days ago

    Do you know since when is the ability to stealthily take photos available in the market, my research says since early 2013 is it true?

    • Josh Kirschner · 437 days ago

      Far longer. At least since 2011, probably earlier.

  7. 😁 · 484 days ago

    I got black tape stuck on mine works with even the most experienced hackers lol :p

  8. matt · 248 days ago

    Haha. Spy all you want. I dont use credit cards and i dont care what you see. I wake up. Work. Eat. Poop. Sleep. If you want to spend all day taking pics of that go ahead. The zoo is probably more entertaining in my opinion. I dont understand why people are so scared.

  9. IThinkI'mBeingWatched · 198 days ago

    I am having a problem getting any kind of hardening software or anti hacking security software downloaded onto my android. I have a potential stalker and can't seem to shake them Bc not knowing exactly what they or others who know them are capable of and don't want to find out they have threatened loved ones and even me if I didn't do as they want even when I kept saying no they they weren't trying to hear it. So now Iam stuck in a very cconfusing situation and need urgent help getting This squashed so I can have peace of mind for me and my loved ones.

    • Stalker · 149 days ago

      I think so too the person has recordings and seems to know where I am. I am wondering how they know this.

  10. taytay · 114 days ago

    Lol this is kinda not good

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.